| With the rapid development of networks, network security becomes an unavoidable problem people have to face. Firewall is the first line of defense traditionally. Now single firewall can not protect network security in that hackers have more and more enriching knowledge and evasion tool and their means become more and more complex. It is necessary to adopt a deep and multiplex method. Under this back ground, intrusion detection has been an active research field. As one important component of detecting illicit activitics it aims at computer and network and preventing them from destroying. Intrusion Detection System was born.First, the principle and performance data of five pattern match algorithms such as BF, KMP, BM, BMH and AC-BM are discussed indetail. The two algorithms, BM and BMH, are realized by programming. Taking the Snort as an example, the problems and the bottle neck of pattern match are analyzed. Subsequently two new algorithms that can mend the problem are presented. The first algorithm is to increase a preprocessor which can reduce to unnecessarily match number of times and can be applied into the single pattern matching algorithm and multiple pattern matching algorithm. The second one is to make sure how much shift can be moved by the character which followed close behind after the current string. This algorithm has maching rapidly and convenient specialties. The two proposed algorithms are very rapid inpractical running. The code of these two algorithms is brought forward.At last, pattern matching and protocol analysis are contrasted from multi-angle and multi-level in the face of immoderate dispute of intrusion detection field. At the end of this thesis, a new NIDS model is proposed. Two detection methods for NIDS are appeared in the model, and the whole design is ach- ieved. |
PDF Full Text Request