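Xu Zhoubo, Zhang Yongchao, Gu Tianlong, Ning Lihua. Research on Pattern Matching Algorithm in Intrusion Detection System[J]. Computer Science, 2017, 44(9): 125-130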
Research on Pattern Matching Algorithm in Intrusion Detection System
Received: 2016-08-24  Revised: 2016-11-05
DOI:10.11896/j.issn.1002-137X.2017.09.025
Keywords: Intrusion detection, Snort, Pattern matching, Improved BM algorithm
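Funding: This work was supported by the National Natural Science Foundation of China (61572146,0,U1501252), the Guangxi Natural Science Foundation (2016GXNSFDA380006, 2014GXNSFAA118354), and the Program for High-Level Innovation Teams and Outstanding Scholars in Guangxi Institutions of Higher Education.
Authors, affiliations and e-mail addresses:
Xu Zhoubo, Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004, xzbli_11@guet.edu.cn
Zhang Yongchao, Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004, 1534450577@qq.com
Gu Tianlong, Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004, cctlgu@guet.edu.cn
Ning Lihua, Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004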
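Chinese abstract:
      The basic detection principle of the intrusion detection system Snort is pattern matching. To improve the efficiency of the pattern matching algorithm, the BM algorithm in Snort is improved in two respects. First, to increase the distance by which the pattern is shifted, the improved algorithm uses the first and second text characters after the one aligned with the rightmost end of the pattern, together with the occurrence in the pattern of the characters found by offsetting these two characters a further pattern length to the right; the maximum shift distance reaches 2m+2. Second, to raise the probability that a large shift occurs on a mismatch, it exploits the combined probability characteristics of the rightmost character and the character following it. Finally, the performance of the algorithm was tested. The results show that the improved algorithm reduces the number of window shifts and the number of character comparisons, and improves matching efficiency.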
English abstract:
      As a network intrusion detection system, Snort bases its detection on pattern matching. To improve the efficiency of the matching algorithm, the BM algorithm in Snort was improved in two respects. First, to increase the shift distance when a mismatch occurs, the two text characters following the character aligned with the rightmost position of the pattern, and the two corresponding characters offset by the length of the pattern, are taken into consideration. The maximum shift distance is 2m+2. Furthermore, the frequency with which the larger shift distance occurs on a mismatch is increased by using the probability characteristics of the combination of the rightmost character and the character next to it. Finally, experiments on these algorithms were conducted. The experimental results show that the proposed algorithm effectively reduces the number of window shifts and the number of character comparisons. As a result, the matching efficiency is improved.
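An added illustration, not code from the paper or from Snort: it does not reproduce the 2m+2 algorithm, whose details the abstract does not give, but shows the underlying idea of choosing the shift from a text character at or just past the window's right end, and counts the two metrics the abstract reports (window shifts and character comparisons). The function name `search`, its `lookahead` parameter and the sample strings are assumptions constructed for this example; `lookahead=0` is the Horspool variant of BM (maximum shift m) and `lookahead=1` is Sunday's Quick Search (maximum shift m+1).

```python
def search(text, pat, lookahead):
    """Return (match positions, windows examined, character comparisons).

    lookahead=0: shift on the text character under the pattern's last position.
    lookahead=1: shift on the text character just past the window.
    """
    n, m = len(text), len(pat)
    if m == 0:
        raise ValueError("empty pattern")
    span = m - 1 + lookahead
    # Later (rightmost) occurrences overwrite earlier ones, giving the safe shift.
    shift = {c: span - i for i, c in enumerate(pat[:span])}
    hits, windows, compares, pos = [], 0, 0, 0
    while pos <= n - m:
        windows += 1
        j = m - 1
        while j >= 0:                      # compare right to left, as BM does
            compares += 1
            if text[pos + j] != pat[j]:
                break
            j -= 1
        if j < 0:
            hits.append(pos)
        probe = pos + span                 # index of the character that picks the shift
        if probe >= n:                     # no character past the last window
            break
        pos += shift.get(text[probe], span + 1)
    return hits, windows, compares


if __name__ == "__main__":
    # Constructed sample payload and content pattern, for illustration only.
    payload = "user=guest&file=report.txt&mode=view"
    for name, k in (("Horspool", 0), ("Quick Search", 1)):
        hits, windows, compares = search(payload, "report", k)
        print(f"{name}: hits={hits} windows={windows} comparisons={compares}")
```

The gain from the longer shift shows most clearly when the probed characters do not occur in the pattern, which is the case the paper's probability-based refinement aims to make more frequent.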