关键词: 入侵检测,BM算法,模式匹配,Snort,KMP算法

Abstract: In module design for detection engine of IDS,the misuse of detection based on the Pattern Matching algorithm is the most commonly used by designers as a means of core technology,and the loss rate of data packet,the rate of false positives of IDS and Matching speed of detection engine depend on the performance of Pattern Matching algorithm．Boyer-Moore algorithm,its improved Boyer-Moore Horspool algorithm and Boyer Moore Horspool System algorithm are the the most used-widely Pattern Matching algorithm．Based on the analysis of the BM algorithm and improved algorithm,a new improved BM algorithm is proposed in the article．The algorithm takes advantage of the end character of the string and the uniqueness of next character of corresponding text strings in it,and consider the text string information to increase Matching speed,so that can accommodate to the requirement of high-efficiency of Pattern Matching algorithm for IDS.

Key words: Intrusion detection,BM algorithm Pattern-matching,Snort,KMP algorithm