Study On Rule Matching Approach For Snort Intrusion Detection System

Posted on: 2013-05-08, Degree: Master, Type: Thesis
Country: China, Candidate: G H Han
GTID: 2248330362975014, Subject: Computer technology
Abstract/Summary:
With the rapid development of computer networks and applications, the network security situation is becoming more and more serious, and the previous single, static firewall strategy cannot cope with it well. Intrusion detection systems emerged and developed in this context. An intrusion detection system is a combination of software and hardware that applies intrusion detection technology to detect malicious behavior or attacks and raise alarms. The content it inspects can be a network data stream or data from a terminal host, and it provides surveillance and detection of external hostile or aggressive behavior against the protected network. It is especially meaningful to use it together with a firewall strategy to strengthen the network.

Snort is a typical lightweight network intrusion detection system, with open source, dynamic defense and other characteristics. Studying Snort's structure, principles and practical applications has academic and commercial value for the research and development of other commercial intrusion detection systems.

At present, most research on Snort concentrates on the rule matching algorithm, focusing on improving the algorithm's performance and reducing its time complexity, and pays too little attention to the head matching part, which accounts for 15.2% of Snort's total run time. Reducing the matching time, including the rule head matching time and the rule option matching time, can also improve the efficiency and performance of the system. Combined with an advanced matching algorithm, the improvement in overall system performance will be more distinct.

The main work of this thesis includes:

① On the basis of Snort, it thoroughly analyses the Snort system structure, studies most of the Snort modules, and analyses in depth the format and organization form of Snort, and on this basis studies related technology that can improve Snort's detection processing speed.

② On the basis of studying the static alignment method and the dynamic alignment method, including the one-step alignment method and the two-step alignment method, this paper gives an improved two-step dynamic alignment method with superior performance.

③ Combining the improved two-step dynamic rule alignment method, this paper presents a new method that can improve the processing speed of Snort: the high frequency-based rule set matching method. Grouped comparison tests and analysis based on the DARPA 1999 data sets show that the new method proposed in this paper can effectively improve the detection rate of Snort; it is faster than the original method by an average of about 17.25%.
Keywords/Search Tags: Intrusion Detection, Snort, Rule Matching, Dynamic Alignment, High Frequency-based Rule Set