
Computer Engineering (计算机工程), 2006, Vol. 32, Issue 18: 155-156. doi: 10.3969/j.issn.1000-3428.2006.18.056

• Security Technology •

Efficient Rule-matching Algorithms on Snort

GU Xiaogang (谷晓钢), JIANG Rongan (江荣安), ZHAO Mingwei (赵铭伟)

  1. (Department of Computer, School of Electronic Information Engineering, Dalian University of Technology, Dalian 116023)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2006-09-20 Published: 2006-09-20

Abstract (translated from the Chinese): The rule-matching algorithm of the Snort intrusion detection system is analyzed systematically. To further improve Snort's rule-matching efficiency, a parameter-list-driven method is proposed for the condition-matching handler functions used during the matching process. This avoids repeated calls to the handler functions, makes full use of the relationships between parameters, and dynamically reduces the matching of invalid rules. Two experiments evaluate the efficiency of the method; the results show that the improved scheme noticeably raises Snort's detection performance.

Keywords (translated from the Chinese): network-based intrusion detection system, rule matching, parameter-driven

Abstract: This paper systematically analyzes the rule-matching algorithm of Snort, an open-source NIDS. To increase the rule-matching speed, a parameter-list-driven approach is proposed for the conditional checking subroutine used during rule matching. The method avoids repeatedly invoking the checking subroutines, exploits the relationships between parameters, and dynamically reduces the number of invalid rules considered at run time. Finally, two experiments are carried out to evaluate its efficiency. The results show that the approach significantly improves the detection performance of Snort.

Key words: NIDS, Rule matching, Parameter-driven
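As an added illustration of the idea the abstracts describe (not the paper's own code, nor Snort's), the following toy model compares per-rule option checking with a parameter-list-driven scheme that calls each checking subroutine once per distinct parameter value per packet and prunes every rule whose parameter failed. The rule set, the packet fields and the check functions are constructed simplifications; Snort's real option semantics are more involved.

```python
from collections import defaultdict

# Constructed mini rule set: (option, parameter) conditions, loosely modelled on Snort options.
RULES = {
    "r1": [("dsize", 64), ("flags", "S"), ("content", "GET")],
    "r2": [("dsize", 64), ("flags", "S"), ("content", "POST")],
    "r3": [("dsize", 128), ("content", "GET")],
    "r4": [("flags", "A"), ("content", "GET")],
}

# Simplified checking subroutines, one per option type (assumed, not Snort's).
CHECKS = {
    "dsize": lambda pkt, v: len(pkt["payload"]) == v,
    "flags": lambda pkt, v: pkt["flags"] == v,
    "content": lambda pkt, v: v.encode() in pkt["payload"],
}
OPTION_ORDER = ("dsize", "flags", "content")  # cheap header checks before payload search

# Constructed sample packet: SYN-flagged, 64-byte payload starting with an HTTP GET.
SAMPLE_PKT = {"flags": "S", "payload": b"GET / HTTP/1.0".ljust(64, b"\x00")}


def match_per_rule(pkt, rules=RULES):
    """Baseline: every rule calls its own checks, short-circuiting on failure.
    Returns (matched rule ids, number of check invocations)."""
    calls, matched = 0, []
    for rid, conds in rules.items():
        for opt, val in conds:
            calls += 1
            if not CHECKS[opt](pkt, val):
                break
        else:
            matched.append(rid)
    return matched, calls


def match_param_driven(pkt, rules=RULES):
    """Parameter-list-driven: per option, gather the distinct parameters of the live
    rules, call the check once per parameter, and drop rules whose parameter failed."""
    calls, live = 0, set(rules)
    for opt in OPTION_ORDER:
        params = defaultdict(set)  # parameter value -> live rules that use it
        for rid in live:
            for o, v in rules[rid]:
                if o == opt:
                    params[v].add(rid)
        for val, rids in params.items():
            calls += 1
            if not CHECKS[opt](pkt, val):
                live -= rids  # every rule sharing this failed parameter is pruned at once
    return sorted(live), calls
```

Both functions return the same matches for a packet, but the parameter-driven version makes fewer check calls because rules that share a parameter are served by a single evaluation and the live set shrinks after each option.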