摘要
对于基于特征的开源入侵检测系统Snort来说,如何提高规则匹配速度以适应高速网络的发展是关键。对Snort的规则匹配算法以及现有的两种著名的匹配算法BMH与BMHS算法进行比较分析,提出一种简单实用、易于理解的规则匹配改进算法。该算法通过减少模式串的移动次数以及增加最大移动距离m+1的出现次数来减少规则匹配所需要的时间,进而提高了Snort规则匹配速度。实验测试结果表明该算法能够有效地提高Snort的规则匹配速度。
In order to accommodate to the development of high-speed network,this article analyzes the rule-matching algorithm of Snort,an open source-code NIDS, and puts forward a new improved algorithm on the basis of original rule matching algorithm of Snort.This new algorithm can increase the rule matching speed efficiently through reducing the times of moving pattern strings and increasing the times of the furthest moving distance m+l appearing.Finally,experiments are carried out for evaluating the efficiency of this algorithm.The results show that the approach can greatly improve the rule matching speed of Snort.
出处
《计算机工程与应用》
CSCD
北大核心
2009年第28期109-111,163,共4页
Computer Engineering and Applications
基金
河南省杰出人才创新基金No074200510013
河南省教育厅自然科学基金No2007520048~~