Research And Implementation Of Algorithm Based On Rule-matching In Snort

Posted on: 2015-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: K Huang
GTID: 2298330467488490
Subject: Network security
Abstract/Summary:
With the rapid development of computer networks, people's lives are undergoing profound changes, and computer networks have become an important part of daily life. Network security, however, has become a focus of research and attention: from the national level to the individual, everyone is aware of its importance.

The intrusion detection system, as one of the representative network security technologies, has attracted the attention of researchers and scholars. Intrusion detection is a young branch of the field, and the models, principles, functions and classification of intrusion detection systems are worth studying. Intrusion detection technology stands out from traditional network security technology and has become the mainstream technology in network security.

Snort is a lightweight, open-source intrusion detection system. Analyzing its working principle, detection process and rule syntax is essential to understanding the Snort system. This paper analyzes Snort across packet capture, the packet decoder, the preprocessors, rule parsing, the detection engine, and response and output.

The paper focuses on the pattern-matching algorithms used by the Snort detection engine and analyzes the BM, BMH and BMHS algorithms, pointing out their advantages and disadvantages and the ideas behind BM and its improved algorithms. On this basis, considering three aspects and using the two-character sequence detection method, the paper puts forward an improved BM algorithm. Then, extending the ideas of the BMH and BMHS algorithms, it puts forward another improved BM algorithm.

Building on the study and analysis of the Snort system, the paper designs a Snort intrusion detection system on the Windows platform, in which intrusion detection analysis results can be displayed graphically. Finally, the improved algorithm is applied to the Snort system.

Experiments and comparative analysis verify that the improved algorithms are more efficient than the BM algorithm and its improved algorithms. This shows that the improved algorithm is successful, and it is also helpful for the development of the Snort system.
Keywords/Search Tags: Intrusion detection, Snort, BM algorithm, double character sequence detection method