
Research In Implementation Of Misapplied Network Intrusion Detection

Posted on: 2009-07-29
Degree: Master
Type: Thesis
Country: China
Candidate: W J Zhang
Full Text: PDF
GTID: 2178360278964127
Subject: Communication and Information System
Abstract/Summary:
Network users have long relied on the firewall as the first line of defense against system intrusion. However, as network attack techniques have developed, a firewall alone no longer satisfies network security requirements. Other network security tools must therefore be considered, and one of the most significant, the intrusion detection system (IDS), which works cooperatively with the firewall and other applications to detect network intrusions, has come into focus as the candidate for the second line of defense.

Recently, because of the rapid growth of large-scale networks and of Gigabit Ethernet, it has become challenging for current IDSs to keep up.

In this thesis, we propose an improved IDS suited to the current network environment, based on an analysis of the general model of the misuse-based ("misapplied") IDS. Starting from the Aho-Corasick multi-pattern matching algorithm of the original IDS, we make improvements by applying the idea of the Boyer-Moore-Horspool (BMH) algorithm, which transfers part of the time cost of string matching to the preprocessing of patterns when they are appended to the library, making our IDS more efficient.

Moreover, a continuous ports expand method based on access control list (ACL) rules is given for the first time, according to the features of our IDS and its application environment. By simplifying the ACL rules used to filter data packets, this approach reduces the time spent collecting data for intrusion detection.

Finally, the system performance test results and an analysis based on them are provided. We show that the IDS in this work meets the system design requirements, can be applied on current routers, and is easy to apply in other detection situations, such as intrusion detection for e-mail and e-business systems.
Keywords/Search Tags:Intrusion detection, access control list, continuous ports expand method, multi-pattern matching algorithm