| With the rapid development of internet,network security has increasingly become the object of attention and research.The traditional network security defense idea is based on the existing network architecture,including the establishment of firewall and security gateway,intrusion detection,virus killing,access control,data encryption and other multi-level defense system to enhance the security of the network and its application In recent years,Combined with firewall and intrusion detection of their respective advantages intrusion defense technology has been developing rapidly,It implement Deep packet inspection and Real-time defense to network packet.But network intrusion prevention system also face some such as h as excessive time delay and packet loss problems that affecting the system performance,Along with the network traffic and data application of explosive growth,Intrusion prevention system has become the main bottleneck of network performance.So how to optimize the function of the intrusion prevention system,Reduce the network delay and packet loss rate,and improve the throughput of communication is an urgent need to solve the problem now.In this paper,Analyses the principle and process of rule matching of intrusion detection system based on Snort in detail,and do an in-depth analysis the reasons of the influence of network time delay and packet-loss.To optimize the rule link,First of all,according to the rules of common characteristics refines rules set,then according to the information of matching rules to establish rapid matching index list,so it reduces redundant inspections and packet loss rate.Finally,this paper introduces in detail the installation of Snort intrusion detection system,and applies the optimization strategy to the intrusion detection system.The test of overall performance shows that the improved system on the detection efficiency improved. |
PDF Full Text Request