
The Research And Improvement Of Intrusion Detection System Based On Snort

Posted on: 2009-06-05 | Degree: Master | Type: Thesis
Country: China | Candidate: J S Zheng
GTID: 2178360308479637 | Subject: Computer application technology
Abstract/Summary:
With the rapid development of network technology, hacking incidents have gradually increased. Intrusion detection is an important security technology in the network defense system, sitting behind the firewall, and it can detect and monitor the system in real time throughout the entire process.

As networks keep growing in scale and intrusion methods keep changing, higher demands are placed on intrusion detection technology. At present the main problem is that growing network traffic challenges both the real-time behavior and the data processing efficiency of intrusion detection. Therefore, how to improve the detection efficiency of the intrusion detection system while reducing the rates of false alarms and missed reports is the key question of this research.

As the core module of an intrusion detection system, the detection engine generally uses methods based on pattern matching. The choice of a good pattern matching algorithm therefore plays a critical role in how well the IDS functions. In practice, Snort's rules require frequent updating and their number keeps increasing. An orderly organization of the rules can speed up rule matching, and the structure of the rules affects the detection speed.

Based on an analysis of the Snort intrusion detection system, this paper improves on its disadvantages. The structure of Snort rules has been optimized by the three linkage strategy, and its pattern matching algorithm BM has been improved, with the improved version named BMI. The improved algorithm uses two special characters for mismatch jumping, so as to reduce matching time and improve the performance of Snort. Experimental results for the original system and the improved one show that the latter performs better than the former.
Keywords/Search Tags:network security, intrusion detection, detection engine, pattern matching, Snort