Research On Intrusion Detection Algorithm Based On Snort Platform

Posted on: 2018-03-05
Degree: Master
Type: Thesis
Country: China
Candidate: Q Shi
Full Text: PDF
GTID: 2348330515457470
Subject: Computer application technology
Abstract/Summary:
With the continuous development and extensive application of the Internet, the problem of network security is becoming more and more serious. To deal with this problem, a proactive defense mechanism is needed to provide real-time protection of the system and to detect intrusions before the network system is compromised. Intrusion detection is an active-defense security mechanism. It is an important part of network security protection and can automatically identify abnormal operation and unauthorized access. This paper analyzes the principle and model development of intrusion detection systems and explains the reasons for basing the research on Snort. The main work of each module of the Snort intrusion detection system and the workflow of Snort are also analyzed. Snort is a rule-based, misuse-based intrusion detection system; pattern matching is its main process and the main performance bottleneck of system operation. This paper therefore studies in depth a variety of pattern matching algorithms in Snort, including single-pattern matching algorithms. The AC algorithm is found to be more efficient than ordinary single-pattern matching, but it still performs unnecessary comparisons. To further improve the performance and efficiency of the intrusion detection system, a new multi-pattern matching algorithm based on double automata combined with a suffix automaton is proposed. The algorithm uses the suffix automaton to scan the text string in reverse to find the largest substring in the pattern string and, on this basis, uses the AC automaton to scan the text string forward. The suffix automaton is also used to obtain the maximum jump distance. The algorithm has been implemented by modifying the source code of Snort, and the performance of several algorithms is compared experimentally. The experimental results show that, compared with the AC algorithm, the AC-SPLIT algorithm and the WMW algorithm, the proposed algorithm improves detection efficiency, and the more rules there are, the smaller the impact on the algorithm's time performance. Finally, this paper analyzes the architecture, design, installation and configuration of the network intrusion detection system, and implements a Snort intrusion detection system on Win7 that provides a graphical management interface.
Keywords/Search Tags:Network Security, Intrusion Detection, Snort Intrusion Detection System, Pattern Matching, AC Algorithm