| 提高Snort规则匹配速度的新方法 |
| |
| 引用本文: | 王杰,王同军,孙珂珂.提高Snort规则匹配速度的新方法[J].计算机工程与应用,2009,45(28):109-111. |
| |
| 作者姓名: | 王杰 王同军 孙珂珂 |
| |
| 作者单位: | 郑州大学 电气工程学院,郑州 450001 |
| |
| 基金项目: | 河南省杰出人才创新基金,河南省教育厅自然科学基金 |
| |
| 摘 要: | 对于基于特征的开源入侵检测系统Snort来说,如何提高规则匹配速度以适应高速网络的发展是关键。对Snort的规则匹配算法以及现有的两种著名的匹配算法BMH与BMHS算法进行比较分析,提出一种简单实用、易于理解的规则匹配改进算法。该算法通过减少模式串的移动次数以及增加最大移动距离m+1的出现次数来减少规则匹配所需要的时间,进而提高了Snort 规则匹配速度。实验测试结果表明该算法能够有效地提高Snort的规则匹配速度。
|
| 关 键 词: | 入侵检测系统 Snort 规则匹配 |
| 收稿时间: | 2008-5-27 |
| 修稿时间: | 2008-9-4
|
Research of new method for increasing rule matching speed of Snort |
| |
| WANG Jie,WANG Tong-jun,SUN Ke-ke.Research of new method for increasing rule matching speed of Snort[J].Computer Engineering and Applications,2009,45(28):109-111. |
| |
| Authors: | WANG Jie WANG Tong-jun SUN Ke-ke |
| |
| Affiliation: | College of Electrical Engineering,Zhengzhou University,Zhengzhou 450001,China |
| |
| Abstract: | In order to accommodate to the development of high-speed network,this article analyzes the rule-matching algorithm of Snort,an open source-code NIDS,and puts forward a new improved algorithm on the basis of original rule matching algorithm of Snort.This new algorithm can increase the rule matching speed efficiently through reducing the times of moving pattern strings and increasing the times of the furthest moving distance m+1 appearing.Finally,experiments are carried out for evaluating the efficiency of this algorithm.The results show that the approach can greatly improve the rule matching speed of Snort. |
| |
| Keywords: | intrusion detection system Snort rule matching |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
