[Snort-devel] Snort Pattern Search Algorithms
marc.norton at ...402...
Tue Apr 6 07:36:06 EDT 2004
Snort uses a variant of the Wu-Manber algorithm, and a straightforward
implementation of the Aho-Corasick state machine. These perform the
high-speed multi-pattern matching in Snort. You need to find the links
on the snort.org web site to the papers that describe the detection
engine as a whole in order to understand how the whole thing is tied
together. You'll also need to read a fair amount of source code, since
much of Snort is not documented outside of the source code. Good luck.
From: snort-devel-admin at lists.sourceforge.net
[mailto:snort-devel-admin at lists.sourceforge.net] On Behalf Of Peter
Sent: Tuesday, April 06, 2004 4:03 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Snort Pattern Search Algorithms
I am in need of some documents which explain to me in detail the
Pattern Match Algorithm Techniques currently used
by Snort in Version (=/>)2.0. I want to know how Snort uses
the multiple content search and implements the
special options such as distance, within etc.
I am aware of the basic algorithms like the Boyer-Moore & AC_BM approaches
mentioned in the doc present at the following link.
But I want to know about the current implementation, as I read somewhere
it uses an enhanced approach, BM set-wise algo etc.
Thanks in Advance !!
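
Added example, not part of the original thread and not Snort's own source: a minimal Aho-Corasick state machine of the kind the reply names, showing how several content patterns are matched in a single pass over a payload. The `ac_*` names, table size, patterns and payload are constructed for illustration.

```c
#include <string.h>
#define MAX_STATES 256                  /* ample for a small constructed pattern set */
static int next_state[MAX_STATES][256]; /* goto table; 0 = "no edge" until ac_build() */
static int fail_link[MAX_STATES];
static unsigned out_mask[MAX_STATES];   /* bit i set: pattern i ends in this state */
static int nstates = 1;                 /* state 0 is the root */

/* Insert pattern number id (0..31) into the trie; returns -1 if the table is full. */
static int ac_add(const char *pat, int id) {
    int s = 0;
    for (const unsigned char *p = (const unsigned char *)pat; *p; p++) {
        if (!next_state[s][*p] && nstates >= MAX_STATES) return -1;
        if (!next_state[s][*p]) next_state[s][*p] = nstates++;
        s = next_state[s][*p];
    }
    out_mask[s] |= 1u << id;
    return 0;
}

/* Breadth-first pass: set failure links, merge outputs, fill in missing edges. */
static void ac_build(void) {
    int queue[MAX_STATES], head = 0, tail = 0;
    for (int c = 0; c < 256; c++) if (next_state[0][c]) queue[tail++] = next_state[0][c];
    while (head < tail) {
        int s = queue[head++], f = fail_link[s];
        out_mask[s] |= out_mask[f];     /* a suffix of this state may be a pattern */
        for (int c = 0; c < 256; c++) {
            int t = next_state[s][c];
            if (t) { fail_link[t] = next_state[f][c]; queue[tail++] = t; }
            else next_state[s][c] = next_state[f][c];
        }
    }
}

/* One pass over buf, one table lookup per byte; returns bitmask of patterns seen. */
static unsigned ac_search(const unsigned char *buf, size_t len) {
    unsigned found = 0;
    int s = 0;
    for (size_t i = 0; i < len; i++) found |= out_mask[s = next_state[s][buf[i]]];
    return found;
}

int main(void) {                        /* constructed patterns and payload */
    const char *pkt = "GET /cgi-bin/view?file=/etc/passwd HTTP/1.0";
    if (ac_add("/etc/passwd", 0) || ac_add("passwd", 1) || ac_add("cmd.exe", 2)) return 2;
    ac_build();
    return ac_search((const unsigned char *)pkt, strlen(pkt)) == 3u ? 0 : 1;
}
```

The overlapping patterns show why outputs are merged along failure links: reaching the end of `/etc/passwd` also reports `passwd` without rescanning any byte.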