Computer Engineering and Applications ›› 2014, Vol. 50 ›› Issue (22): 102-105.


Research and implementation of new method on increasing speed of rule-matching in Snort

ZENG Chuanhuang, HUANG Kan   

  1. School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, Jiangxi 341000, China
  • Online: 2014-11-15 Published: 2014-11-13

Abstract: Intrusion detection systems (IDS) play an increasingly important role in network security. Snort is an open-source IDS, and improving the matching algorithm it uses, so as to reduce running time and raise efficiency, is a subject of ongoing research. For a pattern-matching algorithm, the key to efficiency is to increase the maximum shift distance and to ensure that the window moves the largest safe distance. The improved algorithm builds on the BM algorithm and adopts a double-character sequence detection method, which raises the maximum shift distance during matching to m+2 and ensures that each failed match moves the window by the largest safe distance. The improved algorithm is applied to Snort. Experiments show that it reduces the number of character comparisons and window moves, and improves the efficiency of Snort.

Key words: Snort system, improved BM algorithm, maximum shift distance
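The abstract does not give the algorithm itself, so the following is an added example, not the paper's code: it shows one known way a two-character look-ahead yields a maximum safe shift of m+2, by indexing the shift on the two bytes just past the current window (the rule used in the Berry-Ravindran algorithm). The function names, the sample payload and the pattern `cmd.exe` are constructed for illustration.

```c
/* Added illustration, not the paper's code: a two-byte look-ahead shift. */
#include <stdio.h>
#include <string.h>

#define SIGMA 256
static int shift2[SIGMA][SIGMA];  /* indexed by the two bytes just past the window */

/* Constructed sample payload and signature content (assumptions). */
static const char SAMPLE[] = "GET /index.html HTTP/1.1 cmd.exe /c dir cmd.exe";

/* Fill the table for pat[0..m-1]; later, smaller shifts overwrite larger ones. */
static void build_shift(const unsigned char *pat, int m) {
    for (int a = 0; a < SIGMA; a++)
        for (int b = 0; b < SIGMA; b++)
            shift2[a][b] = m + 2;            /* neither byte can belong to a match */
    for (int a = 0; a < SIGMA; a++)
        shift2[a][pat[0]] = m + 1;           /* second byte may align with pat[0] */
    for (int i = 0; i + 1 < m; i++)
        shift2[pat[i]][pat[i + 1]] = m - i;  /* pair occurs inside the pattern */
    for (int b = 0; b < SIGMA; b++)
        shift2[pat[m - 1]][b] = 1;           /* first byte may align with pat[m-1] */
}

/* Returns the number of matches; *windows gets the number of window positions tried. */
int search_two_byte(const char *text, const char *pat, long *windows) {
    int n = (int)strlen(text), m = (int)strlen(pat), hits = 0;
    const unsigned char *t = (const unsigned char *)text;
    *windows = 0;
    if (m == 0 || m > n) return 0;
    build_shift((const unsigned char *)pat, m);
    for (int j = 0; j + m <= n; ) {
        (*windows)++;
        if (memcmp(t + j, pat, (size_t)m) == 0) hits++;
        if (j + m + 1 >= n) j += 1;          /* fewer than two bytes follow: step by 1 */
        else j += shift2[t[j + m]][t[j + m + 1]];
    }
    return hits;
}

int main(void) {
    long w;
    int hits = search_two_byte(SAMPLE, "cmd.exe", &w);
    printf("matches=%d windows=%ld naive_windows=%zu\n",
           hits, w, strlen(SAMPLE) - strlen("cmd.exe") + 1);
    return 0;
}
```

On the constructed payload the search visits 6 window positions where a byte-by-byte slide would visit 41, which is the reduction in window moves the abstract refers to.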
