The Research Method Of Pattern Matching And Protocol Analysis In Intrusion Detection System

Posted on: 2010-04-09
Degree: Master
Type: Thesis
Country: China
Candidate: T J Wang
GTID: 2198360302477309
Subject: Control theory and control engineering
Abstract/Summary:
With the rapid development of computer technology and network data communication technology, computer information and network security have become important issues. Intrusion detection based on pattern matching is slow, not very accurate, and consumes considerable system resources, so it can no longer meet the needs of intrusion detection. Protocol analysis exploits the highly regular structure of network protocols to detect unsafe factors in the network quickly. Techniques based on protocol analysis are extremely popular: they not only reduce the rates of missed alarms and false alarms but also use fewer system resources.

Pattern matching is an important part of an intrusion detection system and directly affects the overall performance of the system. First, this paper analyzes several common pattern matching algorithms used in intrusion detection systems. In studying the classical pattern matching algorithm, the Boyer-Moore algorithm, this paper proposes an improved Boyer-Moore algorithm that combines the advantages of the Boyer-Moore-Horspool algorithm and the Boyer-Moore-Horspool-Sunday algorithm, addressing the disadvantage that the Boyer-Moore algorithm has a large preprocessing time overhead. The new algorithm increases pattern string matching speed by reducing the number of times the pattern string is moved and increasing the number of times the furthest moving distance m + 1 occurs, which reduces the time and improves the efficiency of pattern matching. Second, based on a comprehensive analysis of the characteristics of pattern matching and protocol analysis, this paper proposes an intrusion detection system based on improved pattern matching and protocol analysis to address the large amount of computation and the high false positive rate of pattern matching technology.

The system combines pattern matching and protocol analysis effectively and takes full advantage of the highly regular structure of network protocols to detect known and unknown vulnerabilities and attacks. During detection, layered analysis of network data, based on the standardized, hierarchical, and formatted definition of network protocols, not only improves the accuracy and speed of detection but also effectively controls the rates of missed alarms and false alarms. In conclusion, the author summarizes the research and points out the next phase of the research.
Keywords/Search Tags:Intrusion Detection, Network Security, Pattern Matching, Protocol Analysis, Boyer-Moore Algorithm