基于SBOM算法的网络入侵检测系统的实现

The Implementation of Network Intrusion Detection System based on SBOM Algorithm

入侵检测系统的核心部分就是检测引擎,检测引擎采用的算法的优劣直接关系到入侵检测系统的性能。在分析SBOM算法的数据结构和模式匹配过程的基础上,将SBOM算法引入Snort网络入侵检测系统中,得到了实现Snort检测引擎的一种新的方法。实验结果表明,SBOM算法在模式集较大的情况下性能比较具有优势,并且随着最小模式长度以及模式集的增长算法具有更好的性能。

The detection engine is the core module of the intrusion detection system.The efficiency of pattern matching algorithm used in detection engine decides the performance of this type of intrusion detection system.This paper implements the SBOM algorithm in Snort and obtains a new method of Snort detection engine.The result of experiment indicates that algorithm being comparatively excellent for large keyword sets,and progressively better for large alphabets as the minimum keyword length increases and as the keyword set size increases.