[Snort-devel] Snort Pattern Search Algorithms

Marc Norton marc.norton at ...402...
Tue Apr 6 07:36:06 EDT 2004

Snort uses a variant of the Wu-Manber algorithm, and a straightforward
implementation of the Aho-Corasick state machine.  These perform the
high speed multi-pattern matching in Snort.  You need to find the links
on the snort.org web site to the papers that describe the detection
engine as a whole in order to understand how the whole thing is tied
together.  You'll also need to read a fair amount of source code, since
much of Snort is not documented outside of the source code.  Good luck.

Hi Everyone,
I am in need of some documents which explain to me in detail the
Pattern Match Algorithm Techniques currently used
by Snort in Version (=/>)2.0. I want to know how Snort uses
the multiple content search and implements the
special options such as distance, within etc.
I am aware of the basic algorithms like the Boyer-Moore & AC_BM approaches
mentioned in the doc present at the following link.
But I want to know about the current implementation, as I read somewhere
it uses an enhanced approach, BM set-wise algo etc.
Thanks in Advance !!

