An improved model of intrusion detection

Pattern matching is a frequently used detection technology in misuse detection. This paper introduces the pattern-matching process, analyzes the single-mode and multi-mode match algorithm, and then points out the. flaws of intrusion detection system by adopting the pattern matching technology. Protocol analysis technology is a new intrusion detection technology, which is developed on the basis of pattern matching technology. It is from the specific nature of rules of the network communication protocol, by directly finding the would-be-analyzed-byte position, and then takes it out for analysis without the need to have byte-byte comparison. Intrusion detection system based on protocol analysis has some notable advantages. According to the features of the two sides, this paper proposes an intrusion framework model combining the pattern matching technology and protocol analysis technologies. The research indicates that this model can enhance the examination efficiency and reduce the failure to report and misreport.