Research On The Application Of Pattern Matching Algorithm In Network Intrusion Detection System

The rapid development of network technology makes the computer network increasingly become an indispensable and important part in people’s work and life, but the increasingly serious network security problems are also accompanied, in order to maintain the security of network and system, a variety of techniques and methods have been proposed. In recent years, the static security protection technology such as firewall and authentication has been unable to meet the increasingly stringent security requirements. Therefore, as one of the new generation of computer security technology, intrusion detection technology has been widely studied and applied.The current intrusion detection technology includes multiple techniques, pattern matching is one of the important methods. In an intrusion detection system which is based on the pattern matching method, pattern matching takes a lot of time in the entire testing process, so the performance of pattern matching algorithm directly affects the detection efficiency of the whole intrusion detection system. One single string matching process can detect single pattern string or simultaneously detect multiple pattern string, with that difference, pattern matching algorithm can be divided into two kinds, they are single pattern matching algorithm and multiple pattern matching algorithm. With the development of network system and technology, multiple pattern matching algorithm has increasingly become the research hotspot.This paper firstly describes the related techniques and theories of intrusion detection technology, then details and analyzes several classic and improved pattern matching algorithms in the field of intrusion detection, such as BF algorithm, KMP algorithm, BM algorithm and BMH algorithm in single pattern matching algorithms and AC algorithm, AC-BM algorithm and AC-BMH algorithm in multiple pattern matching algorithms. Focusing on multiple pattern matching algorithm, this paper designs and implements two algorithms based on the optimization of time and space performance. These two algorithms are M-AC algorithm and DAC-BMH algorithm, their modifications have different focus, the former focuses on the increase of both time and space performance, while the latter only focuses on the detection speed. Finally, this paper uses two types of experiment to do the tests, the first one uses Snort and related test data set to complete the comparison and evaluation of improved DAC-BMH algorithm and the original AC-BMH algorithm, then by changing the number or length of patterns, the comparison of DAC-BMH algorithm and several classical algorithms is experimented, this experiment focuses intrusion detection efficiency. The results of these experiments all achieve the expected goals.