
Research of new method for increasing rule matching speed of Snort

Cited by: 4
Abstract: For Snort, the signature-based open-source intrusion detection system, increasing rule matching speed is the key to keeping pace with high-speed networks. This article compares and analyzes Snort's rule matching algorithm and two well-known existing matching algorithms, BMH and BMHS, and proposes an improved rule matching algorithm that is simple, practical and easy to understand. The algorithm shortens the time needed for rule matching by reducing the number of times the pattern string is shifted and by increasing how often the maximum shift distance m+1 occurs, which in turn raises Snort's rule matching speed. Experimental results show that the algorithm can effectively improve the rule matching speed of Snort.
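Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, Peking University Core Journal, 2009, No. 28, pp. 109-111, 163 (4 pages)
Funding: Henan Province Outstanding Talent Innovation Fund, No. 074200510013; Natural Science Foundation of the Education Department of Henan Province, No. 2007520048
Keywords: intrusion detection system; Snort; rule matching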