Protocol Analysis Intrusion Detection System Based on a Multi-pattern Matching Algorithm
This paper presents a protocol-analysis intrusion detection system based on a pattern matching algorithm, in which an improved pattern matching algorithm is combined with protocol analysis. Using this approach, the architecture of the network intrusion detection system is built from the following main modules: packet capture, protocol parsing, storage, detection, response, and interface management. The modules are independent of one another yet cooperate to detect and handle intrusions. The system uses WinPcap to capture data at the link layer and memory mapping (MMAP) to improve packet capture efficiency; the improved pattern matching algorithm speeds up matching and reduces the number of comparisons. This design reduces the amount of computation, improves the efficiency of the algorithm, and uses protocol classification to reduce unnecessary false positives, which improves the efficiency of the intrusion detection system.
Zheng Peng (郑鹏), Cao Yanyan (曹彦燕)
Communications; Applications of Electronic Technology; Computing Technology, Computer Technology
Intrusion detection; pattern matching; protocol analysis
Zheng Peng, Cao Yanyan. Protocol Analysis Intrusion Detection System Based on a Multi-pattern Matching Algorithm [EB/OL]. (2009-03-03)[2025-08-11]. http://www.paper.edu.cn/releasepaper/content/200903-36.