IMPROVEMENT OF ALGORITHM FOR PATTERN MATCHING IN INTRUSION DETECTION

Pattern matching for intrusion feature strings is an important basis for detecting invasion, thus the efficiency of pattern matching is a key factor influencing the performance of intrusion detection. Based on the discussion of the classic BM (Boyer-Moore), BMH (Boyer-Moor-Horspool) and Sunday algorithms for pattern matching, an improved algorithm Sunday-C is proposed. By adding an extra skip before a match, Sunday-C produces a bigger skip distance for reducing the number of match loops and increasing the match the efficiency. Theoretical analysis and experimental test of this paper compares the classic algorithm and improved algorithms for matching performance. The result shows that improved algorithm can save matching time. When applied to the intrusion detection, this algorithm will enhance the detection efficiency.