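Thesis title (Chinese): | Research on Pattern Matching in Intrusion Detection |
Name: | |
Student ID: | 04139 |
Confidentiality level: | Public |
Discipline code: | 081001 |
Discipline name: | Communication and Information Systems |
Student type: | Master's |
School/Department: | |
Major: | |
First supervisor's name: | |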
Thesis title (foreign language): | Research of the Pattern Matching in Intrusion Detection |
Thesis keywords (Chinese): | |
Thesis keywords (foreign language): | Intrusion Detection System; the Pattern Matching Algorithm; Snort; Protocol A |
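Thesis abstract (Chinese): |
Intrusion detection is an important topic in the field of information security and an emerging discipline that developed in the 1990s. It covers a broad range of knowledge and is difficult, and there are few mature intrusion detection systems internationally. Intrusion detection technology is a network security technology that actively protects itself against attack; it is a new generation of security assurance technology following traditional protective measures such as firewalls and data encryption. As a reasonable complement to the firewall, intrusion detection technology can help systems deal with network attacks, extend the security management capabilities of system administrators, and improve the integrity of the information security infrastructure.
This thesis first analyzes and summarizes the current state of intrusion detection and the composition and classification of intrusion detection systems, with an emphasis on introducing the various currently popular intrusion detection algorithms and analyzing their advantages, disadvantages and development trends. It then studies the pattern matching algorithms used in intrusion detection, including the classic BF, KMP and BM algorithms, analyzes the performance of each, proposes improved versions of the KMP and BM algorithms, and demonstrates by experiment the superiority of the improved algorithms in time complexity. Next, for the lightweight network intrusion detection system Snort, it gives a detailed analysis of its characteristics, system architecture, working principles and rule writing, optimizes it with a visual startup interface, and builds a visual alert analysis platform. Finally, based on an analysis of the respective advantages and disadvantages of protocol analysis and signature pattern matching, it proposes a detection method of pattern matching based on protocol analysis and gives a design for applying this method to the data analysis module.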
|
Thesis abstract (foreign language): |
Intrusion detection is an important task in the field of information security. It developed in the 1990s. Because it is difficult and spans a wide range of scientific fields, few successful intrusion detection systems are seen in foreign countries. Intrusion detection technology is a network security technology that actively protects itself against attack, and it is a new generation of security technology following traditional protective measures such as firewalls and data encryption. As a rational supplement to the firewall, intrusion detection technology can help the system deal with network attacks, expand the security management ability of system administrators, and raise the integrity of the information security infrastructure.
First, this dissertation analyses and summarizes the current status of intrusion research and focuses on discussing many kinds of IDS algorithms, while also analysing their advantages and disadvantages. Second, it surveys pattern matching algorithms such as BF, KMP and BM and analyses their performance. It then provides some improvements to the KMP and BM algorithms, and the advantage of the improved algorithms in time complexity is proved by experiment. Third, Snort, a lightweight network intrusion detection system, is discussed in detail in terms of its characteristics, system framework, operating principle and rules. It is then optimized with a visual startup interface and an alarm analysis platform. Finally, an analysis of the advantages and disadvantages of protocol analysis and pattern matching is given, and the detection method combining protocol analysis with pattern matching is used in the design plan of the data analysis module.
|
Chinese Library Classification number: | TP393.08 |
Release date: | 2008-05-06 |