Pattern matching algorithm is an important component of intrusion detection system. In order to improve the performance and efficiency of the intrusion detection system, a new complete automatic matching algorithm(CA-AC algorithm) was proposed and applied to the Snort intrusion detection system. The algorithm was based on Aho-Corasick algorithm. State transitions in the new algorithm make the number of automaton state decreased,and reduce the memory requirement The complexity of the algorithm was analyzed. Experimental results show that the application of complete automatic matching algorithm in Snort improves algorithm's performance and improves the rules detection efficiency of Snort system.%模式匹配算法是入侵检测系统的重要组成部分.为进一步提高入侵检测系统的性能和效率,提出一种新的多模式匹配算法——完全自动机匹配算法(CA-AC算法),并将其应用于入侵检测系统Snort中.该算法是对Aho-Corasick算法的改进,根据新算法进行状态转换使得自动机状态减少,相应节约了存储空间.分析了算法的复杂度.实验表明,完全自动机算法在Snort中的应用改进了算法的性能,提高了Snort系统的规则检测效率.
展开▼
