
The Research And Improvement Of BM Algorithm In The Intrusion Detection System Based On Snort

Posted on: 2011-12-07
Degree: Master
Type: Thesis
Country: China
Candidate: F Wu
GTID: 2178360305461143
Subject: Cryptography

Abstract/Summary:
With the development of network communication technology, the world has entered a digital, information-driven era. Computer networks have grown from individual LANs into trans-regional and international networks. As networks become more open, shared and interconnected, especially with the emergence of the Internet, their importance and their influence on society keep growing, and society depends more and more on them. Computer network security has therefore become an important problem in the development of the Internet and of network applications.

An intrusion detection system protects networks and hosts by checking whether actions that violate the security policy, or signs of attack, exist in a computer or network, and then responding to them.

Snort is a free, lightweight intrusion detection tool whose source code, written in C, is open. It captures data packets transmitted on a shared network, analyzes them, matches them against intrusion signatures or detects abnormal behavior in network activity, and then raises alerts or logs the intrusions.

Through research and analysis of network intrusion detection technologies, intrusion detection models and intrusion detection systems, this paper develops a solid understanding of network intrusion detection methods and their implementation structure. It mainly studies the pattern matching algorithms adopted by the Snort detection engine and introduces the single-pattern BM matching algorithm, the KMP algorithm and the multiple-pattern AC matching algorithm. Based on an analysis of these algorithms, this paper proposes an improved pattern matching algorithm based on the BM algorithm. The improved algorithm incorporates the advantages of the BM and KMP algorithms and overcomes some disadvantages of the BM algorithm. Furthermore, this paper implements the improved algorithm and compares the performance of the two algorithms through experiments.

Analysis and experiments indicate that the efficiency of the improved algorithm is significantly increased. Finally, we install and configure a Snort-based intrusion detection system on Windows.
Keywords/Search Tags: Intrusion detection, Snort, Model matching, Algorithm