| 提高Snort规则匹配速度新方法的研究与实现 |
| |
| 引用本文: | 曾传璜,黄侃.提高Snort规则匹配速度新方法的研究与实现[J].计算机工程与应用,2014(22):102-105,148. |
| |
| 作者姓名: | 曾传璜 黄侃 |
| |
| 作者单位: | 江西理工大学 信息工程学院,江西 赣州,341000 |
| |
| 摘 要: | 入侵检测系统在网络安全中扮演着越来越重要的角色,Snort作为一个开源的入侵检测系统,改进其使用的匹配算法,使其能够减少运行时间,提高效率是不断研究的主题。对于模式匹配算法,增大其最大移动距离和保证其能够移动最大的安全距离是提高算法效率的关键。改进算法在BM算法的基础上,采用双字符序列检测方法,增大匹配过程中最大移动距离至m+2,并保证匹配失败时,每一次都能够移动最大的安全距离。将该改进算法应用于Snort系统中。实验验证,该算法能够减少字符比较次数和窗口移动次数,同时提高Snort系统的效率。
|
| 关 键 词: | Snort系统 改进的BM算法 最大移动距离 |
Research and implementation of new method on increasing speed of rule-matching in Snort |
| |
| ZENG Chuanhuang,HUANG Kan.Research and implementation of new method on increasing speed of rule-matching in Snort[J].Computer Engineering and Applications,2014(22):102-105,148. |
| |
| Authors: | ZENG Chuanhuang HUANG Kan |
| |
| Affiliation: | (School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, Jiangxi 341000, China) |
| |
| Abstract: | IDS plays an increasingly important role in network security sector, Snort is one of IDS with open source, the theme we continuously researching improves the efficiency of the matching algorithm, so that IDS can reduce running time. The key to improve the efficiency of the matching algorithm is to increase the maximum distance and ensure moving the biggest safe distance. The improved algorithm is based on the BM algorithm and adopted the double characters sequence detection method. It results the maximum distance add to m+2 and can move the biggest safe distance each time. Finally, through the experiment, when this algorithm applied to Snort, it can reduce times of comparing character and mobile windows. At the same time, it can improve the efficiency of Snort. |
| |
| Keywords: | system of Snort improved BM algorithm maximum distance |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
