IDS mailing list archives

some questions!


From: jason cheng <jason_cheng2003 () hotmail com>
Date: 1 Mar 2003 12:10:12 -0000



  Hello, everyone!
  I am a Chinese student. I am very interested in NIDS, especially protocol
analysis and pattern match NIDS. I am going to write a thesis about this
topic. But I do not know it. I have done research on it for several months.
  I have some questions that I cannot understand yet. I hope to get your
answer urgently.
  1) I know pattern match is used in protocol analysis NIDS. Could you tell
me which module pattern is applied and what role it plays in protocol
analysis NIDS?
  2) Is the AC_BM algorithm used in Snort now? What is the performance data of
this algorithm?
  3) Protocol anomaly is one subset of protocol analysis; then what other
subsets does protocol analysis contain?
  4) As we know, packets are decoded to detect if they comply with protocol
specification. In Mr. Robert Graham's article, he says "protocol are
decoded". Could you tell me whether they are the same one?

   Thank you very much!
