关键字:规则匹配;规则库;动态匹配
The Implementation And Improvement
Of IDS Rule-matching Algorithm
ABSTRACT
With the rapid development of Internet, computer network has become much more important in many areas, namely, society, economics, culture, and the people's ordinary lives. People is also deeply feel the importance of network security when they use computer networks, Intrusion Detection Network security is an important guard . According to the detection methods of IDS, we can divide IDS into three types: misuse detection ,anomaly detection and standardized detection.
Snort is an open source network intrusion detection system (NIDS),which use the misuse detection methods and has a strong warning capability, However Snort have some disadvantage in many respects, Especially in the case of the high-speed network link, the rules matching algorithm of Snort is less efficient. Therefore ,we use dynamic rule-matching technology and make some research in order to make some improvements in the detection efficiency.
In this paper, we make two experiments, one experiment we use the Original algorithm, the other we use the improved algorithm. This paper use Snort Intrusion Detection model, built an intrusion detection system in order to do intrusion detection experiments. Then the rules will be adjusted dynamically by algorithm, continue to do experiments, the results will be compared with before, thus proving that the system improved the detection efficiency. Then, conclude the results of this experiment.
