
Research And Realization Of Key Techniques In Intrusion Detection System

Posted on: 2007-10-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
GTID: 2178360185967842
Subject: Signal and Information Processing

Abstract/Summary:
As a proactive security-protection technique, intrusion detection plays an important role in protecting computer networks and information security. With the rapid development of networks, many new intrusion detection techniques have emerged, such as load balancing, "zero copy" and distributed technology.

To address the false positives and false negatives of IDS in high-speed networks, this thesis proposes an intrusion detection solution based on data slicing and protocol analysis: based on the protocol type, it applies data slicing at the bottom layer and introduces protocol analysis at the application layer, and it successfully improves the speed and accuracy of the IDS.

Data slicing is the process in which data is tapped from a network device and sent to multiple slicing devices according to some strategy. The slicing operation is not arbitrary, however: it must preserve the integrity of network connections, otherwise many attacks go undetected. By inserting a core switch module between the slicing device and the sensor, the design ensures connection integrity.

Protocol analysis uses the message-format information of data packets, refers to the specific protocol standard, and detects attacks hidden in messages in depth based on protocol state, then detects abnormal messages by pattern matching. Protocol analysis mainly comprises protocol decoding and session-state tracking; before these, the protocol type must be identified.

The thesis first surveys intrusion detection: its origin and development, its concept and classification, and intrusion detection systems and models. It then briefly explains solutions for intrusion detection in high-speed networks: load balancing, "zero copy" and distributed technology. Then, based on the two key characteristics of intrusion detection, speed and accuracy, the thesis explains the techniques of data slicing and protocol analysis in concrete terms, designs and implements the protocol analysis module in detail, and...
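
The connection-integrity requirement on data slicing can be seen in a small added example, which is not code from the thesis. It compares an arbitrary per-packet strategy with one that keys on the connection; the symmetric hash used here is an assumption chosen for illustration (the thesis itself relies on a core switch module), and the packets and function names are constructed.

```python
import zlib
from collections import defaultdict

# Constructed sample traffic: (src_ip, src_port, dst_ip, dst_port, proto).
# Two TCP connections (A and B), each carrying packets in both directions.
PACKETS = [
    ("10.0.0.5", 40001, "192.0.2.10", 80, "tcp"),   # A: client -> server
    ("192.0.2.10", 80, "10.0.0.5", 40001, "tcp"),   # A: server -> client
    ("10.0.0.6", 40002, "192.0.2.10", 21, "tcp"),   # B: client -> server
    ("192.0.2.10", 21, "10.0.0.6", 40002, "tcp"),   # B: server -> client
    ("10.0.0.5", 40001, "192.0.2.10", 80, "tcp"),   # A: client -> server
    ("10.0.0.6", 40002, "192.0.2.10", 21, "tcp"),   # B: client -> server
]

def connection_id(pkt):
    """Direction-independent identifier: both endpoints in sorted order."""
    src_ip, src_port, dst_ip, dst_port, proto = pkt
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return (a, b, proto)

def slice_round_robin(packets, sensors):
    """Arbitrary slicing: packet i goes to sensor i mod N."""
    return [i % sensors for i in range(len(packets))]

def slice_by_connection(packets, sensors):
    """Connection-preserving slicing: hash the symmetric connection id
    (assumed strategy for this example, using a stable CRC32)."""
    return [zlib.crc32(repr(connection_id(p)).encode()) % sensors
            for p in packets]

def split_connections(packets, assignment):
    """Return the connections whose packets reached more than one sensor.
    A sensor tracking protocol state would see only part of each of these."""
    seen = defaultdict(set)
    for pkt, sensor in zip(packets, assignment):
        seen[connection_id(pkt)].add(sensor)
    return sorted(c for c, s in seen.items() if len(s) > 1)

if __name__ == "__main__":
    for name, fn in (("round robin", slice_round_robin),
                     ("by connection", slice_by_connection)):
        broken = split_connections(PACKETS, fn(PACKETS, 2))
        print(f"{name}: {len(broken)} connection(s) split across sensors")
```
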
Keywords/Search Tags: intrusion detection, data slicing, protocol analysis, false-negative rate, false-positive rate