Research On The Pattern Matching Algorithm Under The Intrusion Detection System-snort

The rapid development of the Internet brings great convenience to people's work and live, but as the popularity of modern network, the network attendant insecurity also brings to the information security challenges, the traditional network security technology has difficulty to deal with these increasingly serious security threat, so it is necessary to develop special tools to avoid the insecurity of the attack, and intrusion detection technologies can be a very important technology work for us.Network security intrusion detection is a relatively new subject, The engine of testing is the core module of the Intrusion Detection System ,and the detection rate of speed directly affects the efficiency of network intrusion detection systems.Pattern matching intrusion detection system is an important detection method and the performance of intrusion detection system is essential.Intrusion Detection System in accordance with the data analysis model points can be divided into anomaly intrusion detection and misuse intrusion detection, for the current misuse intrusion detection systems based on pattern matching, intrusion detection testing efficiency is mainly reflected in the pattern matching's speed. The good pattern matching algorithm is the key to improve the detection rate. By doing research on intrusion detection theory and the architecture of intrusion detection system -- snort tool this paper gives a detailed analysis on two pattern matching algorithm, single mode BM algorithm and multi mode Wu-Manber algorithm. Then some improvements have been made to these two algorithms. The results of the experiment shows that the improved algorithms perform much better, so it is safely concluded that these two algorithms are correct and efficient and when applying to intrusion detection system. In addition, the effect of Snort in Windows, visual interface to build for the installation and testing, making Snort can be achieved in the Windows environment, the real-time web interface analysis, so that network staff to easily maintain and manage the network properly.