Intrusion Detection System In Single Mode Matching Algorithm

With the rapid development of network technology, the Defensive Technology of Network Security is faced with more pressure because the value that network information contains is increasing. Intrusion Detection System is a key member of the Defensive System of Network Security. So, it is useful to improve the efficiency of the IDS.Intrusion Detection Method is the core of IDS. At present, Pattern Matching is the common method which are still using at IDS. So, an efficient Matching Method is very important for IDS. In a way, it is significant to speedup the pattern matching especially in the premise of the performance of the computer hardware improves sharply.In this paper, the main job is the following aspects:(1) At first, we introduced the IDS and Intrusion Detection Methods. Then, we analyses the single pattern matching algorithm such as: BF algorithm, KMP algorithm, BM algorithm, BMH algorithm and Sunday algorithm. We analyses the matching process of each algorithm and summarized their advantages, disadvantages and applicability. The result will become the matting of the following research.(2) For the flaws of Sunday algorithm, firstly proposed the first improved algorithm-UST (Used Sunday Algorithm Twice) algorithm. UST algorithm adds another pro-function to calculate the shit-right-distance and it can guarantee every time the shit-right-distance is close to m+1. Testing by experiment, we found the UST algorithm is more suitable when the pattern length is larger and verified a conventional theory's incomplete.(3) By following the flaws of UST algorithm, we got another improved algorithm named Sunday2 algorithm. Sunday2 algorithm used window principles to avoid"Back"phenomenon what is appears in UST algorithm. In the best case, the pattern's shit-right-distance enlarged nearly as much as twice. This method improved the pattern matching speed sharply. The experiment results show that Sunday2 algorithm have better performance and universal.(4) We tested Sunday2 algorithm at Snort system. The result show that Sunday2 algorithm can upgrade the matching speed but it cost more memory than Sunday algorithm. At present, computer's memory is not the key factor influence the performance of computer. So, in a way, Sunday2 algorithm is useful for real IDS.