[Snort-devel] Snort Pattern Search Algorithms

Marc Norton marc.norton at ...402...
Tue Apr 6 07:36:06 EDT 2004


Snort uses a variant of the Wu-Manber algorithm, and a straightforward
implementation of the Aho-Corasick state machine.  These perform the
high-speed multi-pattern matching in Snort.  You need to find the links
on the snort.org web site to the papers that describe the detection
engine as a whole in order to understand how the whole thing is tied
together.  You'll also need to read a fair amount of source code, since
much of Snort is not documented outside of the source code.  Good luck.
 
-----Original Message-----
From: snort-devel-admin at lists.sourceforge.net
[mailto:snort-devel-admin at lists.sourceforge.net] On Behalf Of Peter
Richard
Sent: Tuesday, April 06, 2004 4:03 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Snort Pattern Search Algorithms
 
Hi Everyone,
I am in need of some documents which explain in detail the
pattern match algorithm techniques currently used
by Snort in version (=/>)2.0. I want to know how Snort uses
the multiple content search and implements the
special options such as distance, within, etc.
I am aware of the basic algorithms like the Boyer-Moore and AC_BM approaches
mentioned in the doc present at the following link.
http://www.silicondefense.com/software/acbm/speed_of_snort_06_21_2001.pdf
But I want to know about the current implementation, as I read somewhere
it uses an enhanced approach BM set wise algo etc.
 
Thanks in Advance !!
Cheers
Peter
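
The Aho-Corasick state machine named in the reply, as an added example (not Snort's source and not written by either poster): it builds one automaton for four constructed content strings and scans a constructed payload in a single pass, recording the offset just past each first match, the position that relative options such as distance and within are measured from. The names `ac_add`, `ac_build`, `ac_scan` and `PATTERNS` are assumptions made for this sketch.

```c
#include <stdio.h>
#define MAX_STATES 64              /* enough for the constructed patterns below */
static int go_[MAX_STATES][256];   /* goto table, completed into a full DFA by ac_build */
static int fail_[MAX_STATES], nstates = 1;  /* failure links; state 0 is the root */
static unsigned out_[MAX_STATES];  /* bitmask of pattern ids that end in each state */
static const char *PATTERNS[] = { "GET ", "/etc/passwd", "passwd", "cmd.exe" }; /* constructed */

static void ac_add(const char *pat, int id) {      /* insert one pattern into the trie */
    int s = 0;
    for (const unsigned char *p = (const unsigned char *)pat; *p; s = go_[s][*p++])
        if (!go_[s][*p]) go_[s][*p] = nstates++;
    out_[s] |= 1u << id;
}

static void ac_build(void) {       /* BFS: set failure links, fill missing transitions */
    int queue[MAX_STATES], head = 0, tail = 0;
    for (int c = 0; c < 256; c++)
        if (go_[0][c]) queue[tail++] = go_[0][c];  /* depth-1 states fail to the root */
    while (head < tail) {
        int s = queue[head++];
        for (int c = 0; c < 256; c++) {
            int t = go_[s][c], f = go_[fail_[s]][c];
            if (!t) { go_[s][c] = f; continue; }   /* no edge: reuse the suffix state's */
            fail_[t] = f; out_[t] |= out_[f];      /* inherit matches of the suffix state */
            queue[tail++] = t;
        }
    }
}

/* Build once, then scan: returns bitmask of matched ids; end[id] = offset past first match. */
static unsigned ac_scan(const char *payload, size_t end[4]) {
    unsigned seen = 0;
    int s = 0;
    if (nstates == 1) { for (int i = 0; i < 4; i++) ac_add(PATTERNS[i], i); ac_build(); }
    for (size_t i = 0; payload[i]; i++) {
        s = go_[s][(unsigned char)payload[i]];     /* exactly one table lookup per byte */
        for (int id = 0; id < 4; id++)
            if ((out_[s] & ~seen) >> id & 1) end[id] = i + 1;
        seen |= out_[s];
    }
    return seen;
}

int main(void) {
    size_t end[4] = {0};
    unsigned m = ac_scan("GET /../../etc/passwd HTTP/1.0\r\n", end);  /* constructed payload */
    for (int i = 0; i < 4; i++)
        if (m >> i & 1) printf("%-12s ends at offset %zu\n", PATTERNS[i], end[i]);
    return 0;
}
```

Because "passwd" is a suffix of "/etc/passwd", both are reported at the same byte: the longer pattern's final state inherits the shorter one's output through its failure link.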
 
 