Title :
Research on Detection Speed Improvement of Snort
Author :
Meng, Qingduan ; Zhang, Xiaoling ; Lv, Dongwei
Author_Institution :
Sch. of Electron. Inf. Eng., Henan Univ. of Sci. & Technol., Luoyang, China
Abstract :
An improved AC_BMH (Aho-Corasick_Boyer-Moore-Horspool) algorithm is proposed in this paper. It combines the advantages of the double-character skip and QS (Quick Search) algorithms, and increases the distance the pattern string jumps when a pattern string match fails. Experimental results show that string matching speed is improved by 22.85%-42.79% with the proposed algorithm. By modifying both the preprocessing and pattern matching components, the proposed algorithm was applied to the Snort detection system; experimental results show that the detection speed of Snort is improved by about 5.95%-25.54%, and that the increased memory usage, not over 80MB, has almost no effect on computer performance.
Keywords :
search problems; security of data; string matching; AC_BMH algorithm; Aho-Corasick_Boyer-Moore-Horspool; Snort detection system; double-character skip algorithm; pattern matching; pattern strings matching; quick search algorithm; Algorithm design and analysis; Computer performance; Detection algorithms; Intrusion detection; Pattern matching; Software; Software algorithms;
Conference_Title :
Internet Technology and Applications, 2010 International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-5142-5
Electronic_ISBN :
978-1-4244-5143-2
DOI :
10.1109/ITAPP.2010.5566613