Research Of Multiple Pattern Matching Algorithm In Intrusion Detection

Posted on: 2016-10-19
Degree: Master
Type: Thesis
Country: China
Candidate: H T Chen
GTID: 2308330461989627
Subject: Computer technology
Abstract/Summary:
The rapid development of Internet technology has brought great convenience to the life and work of a vast number of users, but it has also brought network security problems that cannot be ignored. Intrusion detection is an active security defense technology: it finds potential risks in a timely manner through real-time monitoring of network data flows and protects networked systems from serious violation. Research on improving the efficiency of pattern matching algorithms is therefore important for improving the detection efficiency of intrusion detection systems.

This paper first introduces the research status of intrusion detection systems at home and abroad, then summarizes and analyzes the related theory of intrusion detection, focusing on the classification, composition, and operational mechanism of intrusion detection systems. Second, the basic concepts of the lightweight Snort system are briefly introduced, its modular structure and plug-in mechanism are described in detail, the structure of Snort rules is analyzed, and the workflow of the main parts of the system is studied. Next, the basic concepts of pattern matching are briefly introduced, and several single-pattern and multiple-pattern matching algorithms are analyzed in order to understand their matching principles and matching processes in detail.

The AC algorithm and the BM algorithm are selected as the research objects, and we propose a new bidirectional matching algorithm, the DAC algorithm, and an improved version, the DAC_BM algorithm. These add a reversed finite state automaton to the original AC algorithm and then use the jump idea of the BM algorithm to reduce unnecessary comparisons and improve matching efficiency during matching.

Combining the technologies introduced above, an ACID intrusion detection console based on the Snort system is built, into which the DAC_BM algorithm is integrated. The DARPA intrusion detection evaluation sets from Lincoln Laboratory are selected as the performance test data, and for each algorithm the detection time over all packets and the number of packets per second are recorded. The experimental results show that, compared with several other algorithms, the DAC_BM algorithm has higher detection efficiency, and the intrusion detection system can detect illegal intrusion behavior more quickly and accurately.
Keywords/Search Tags:Intrusion detection, Pattern matching, Snort, AC algorithm, BM algorithm, DAC algorithm, DAC_BM algorithm