
Research And Implementation Of Intrusion Detection System Based On Snort

Posted on: 2019-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: J H Zhang
GTID: 2428330572455599
Subject: Engineering

Abstract/Summary:
While the rapid development of the Internet has brought us convenience, it is also a test of information security for individuals, enterprises, governments, and military units. More stringent security protection measures are needed under changing security threats. Traditional network security technology is based on protection, that is, on protection measures built around firewalls, and it appears inadequate in the face of large-scale networks and complicated intrusions. Intrusion detection technology emerged in response. Intrusion detection technology is one of the core components of network security. It collects and analyzes information from several key points by monitoring the status and behavior of the network and system, and then detects whether there is a violation of the security policy in the network or system, or whether an external intruder is using system security flaws to invade the system. The combination of intrusion detection software and hardware is called an Intrusion Detection System (IDS). The establishment of an intrusion detection system relies on the development of intrusion detection technology, and the value of intrusion detection technology can be assessed through the intrusion detection system.

Snort is a well-known cross-platform, lightweight, concise, and easily extendable open source NIDS (Network Intrusion Detection System), which has been ported to various UNIX and Windows platforms. Snort uses string matching for detection, so the efficiency of the string matching algorithm is very important to Snort. Increasing the efficiency of string matching can improve the efficiency of the entire system. This article focuses on how to improve the efficiency of string matching. The main tasks include:

1. It introduces the background of intrusion detection, including the origin and development of intrusion detection, basic knowledge, the problems faced, and development trends. Focusing on the intrusion detection system Snort, it introduces its principles, workflow, and internal components.

2. It analyzes several common string matching algorithms. Based on a comparative analysis of the typical BF and KMP pattern matching algorithms, the BM algorithm is studied in detail. In order to speed up the algorithm, this paper proposes an improved BM algorithm, which increases the step size and improves the efficiency.

3. An experiment platform was set up, and a Snort-based IDS was built under Windows. The modules and implementation of the system are introduced in detail. The improved BM algorithm was implemented on Snort in C, and the improved scheme was verified experimentally. Analysis of the experimental results shows that the improved scheme improves the matching efficiency.
Keywords/Search Tags: Intrusion Detection, Snort, Pattern Matching, BM Algorithm