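Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2008, Vol. 31 ›› Issue (3): 19-23. doi: 10.13190/jbupt.200803.19.xiny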


A Fast Multiple Pattern Matching Using in Intrusion Detection

XIN Yang, WEI Jing-zhi, NIU Xin-xin

  1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2007-10-26 Revised: 1900-01-01 Online: 2008-06-28 Published: 2008-06-28
  • Contact: XIN Yang

Abstract:

To address the low speed of string matching in intrusion detection, a fast multiple pattern matching algorithm is presented. In general, the algorithm does not need to test every character of the target text: by making full use of the information from both the failed match at the current position and the matches that have already succeeded, it skips as many characters of the text as possible and finds all matching locations in a single fast search. In addition, because it uses a combinatorial state automaton, the algorithm can also search Chinese text quickly. Experimental results show that the proposed algorithm achieves higher detection efficiency and effectively reduces the system's packet loss rate.

Key words: multiple pattern matching, finite state automaton, keyword detection and filtering, intrusion detection

CLC number: