
The Open Source Network Intrusion Detection System Snort Detection Algorithm

Posted on: 2008-11-26 | Degree: Master | Type: Thesis
Country: China | Candidate: X Y Chen | Full Text: PDF
GTID: 2208360245479011 | Subject: Computer application technology
Abstract/Summary:
The detection module is the key module of an Intrusion Detection System (IDS). Pattern matching is a very important detection method for Network Intrusion Detection Systems, and it has a direct influence on the real-time performance of the IDS. This paper first introduces the principles of IDS and the framework of the Snort IDS, followed by further analysis of the program. We then study the main pattern matching algorithms currently used in IDS, such as BM, BMH, QS and AC; after that we propose an improved algorithm named HAC, and analyze both their time complexity and space complexity. The improved algorithm can match many patterns at one time and obtains a bigger skip value, so it can match patterns more quickly. Finally, some of these algorithms are implemented in a text test, and experiments indicate that the improved algorithm HAC provides a significant improvement in pattern matching performance when it is used in an Intrusion Detection System.
Keywords/Search Tags: Network Intrusion Detection System, Snort, pattern matching, Boyer-Moore algorithm, Aho-Corasick algorithm