
Improved Multi-Pattern Match Algorithm And Its Application In Intrusion Detection System

Posted on: 2015-07-10
Degree: Master
Type: Thesis
Country: China
Candidate: G M Hu
GTID: 2298330467952486
Subject: Computer technology
Abstract/Summary:
As different industries depend more and more on networks, network security problems become more serious. Intrusion detection is a means of dynamic security protection that can actively identify intrusion information. It provides security for networks and is an important part of a network's security system.

This paper introduces technologies related to intrusion detection, analyzes a typical intrusion detection system, Snort, in detail, and introduces Snort's architecture, working modes, rules and so on.

The paper also analyzes the application of multi-pattern match algorithms in intrusion detection, and gives a detailed introduction to and comparison of the AC and WM algorithms. However, with the development of network technology and the increasing complexity of rules, the traditional string matching engine is being replaced by more advanced regular expression matching. Regular expression matching can be divided into matching based on a Non-deterministic Finite Automaton (NFA) and matching based on a Deterministic Finite Automaton (DFA). The DFA is a better fit for the network, so research usually focuses on DFA-based regular expression matching. Although the DFA has the advantage of speed, it consumes too much space, and the rule collection is very large, which makes the performance of the DFA drop seriously.

To address this disadvantage of the DFA, we add a preprocessing step for the rules: we analyze the rules from which DFAs are to be constructed and put similar rules into the same group, which decreases the number of DFAs that are built and the time spent constructing them. By analyzing the rules and decreasing the number of DFA states, we make the system use as little memory as possible and construct the DFA as quickly as possible. The improvement increases the matching speed of the rules and decreases the system's memory usage.
Keywords/Search Tags: intrusion detection, multi-pattern match, regular expression, DFA