
The Research And Improvement Of The Snort Intrusion Detection System

Posted on: 2013-04-01
Degree: Master
Type: Thesis
Country: China
Candidate: J B Chen
GTID: 2248330374985336
Subject: Computer application technology
Abstract/Summary:
As network security problems grow, so does the number of network security methods, and the intrusion detection system is one of them. A Network Intrusion Detection System (NIDS) is a proactive, preventive security technology that monitors network traffic in real time and responds appropriately when it discovers a suspicious transmission. As network speeds increase and network attacks multiply, the volume of packets that a NIDS has to process expands rapidly. When that volume exceeds its processing capacity, the NIDS drops packets.

This thesis studies how to improve the detection efficiency of the NIDS, taking the Snort intrusion detection system as the research object. Analysis of Snort shows that pattern matching is the key factor in intrusion detection system performance, accounting for approximately 50% of the system's running time. Improving the pattern-matching operations can therefore effectively improve overall system performance.

This thesis mainly researches the AC pattern matching algorithm used in Snort, improving the algorithm in order to improve both its performance and the system's. We first improve the serial AC algorithm; because the AC algorithm is already mature, the effect of this improvement is not obvious. Considering that pattern matching is well suited to single instruction, multiple data parallel processing, and given the GPU architecture and its high parallel computing capability, we decide to implement a GPU-based parallel AC algorithm. We modify Snort to adapt it to the parallel AC algorithm. In the experiments, the improved parallel AC algorithm performs better than AC: character matching throughput rises from 155 MB/s to 2.3 GB/s, and the proportion of computing time falls from 60% to 10%. The improved Snort system also performs better than before.
Keywords/Search Tags:NIDS, Pattern matching, AC Algorithm, Performance