Port Scan Detection Module Integrated In Ids System Based On Ixp2800

IDS technology tries to discover the network invasion via the collection and analysis of data flow. In recent years, network-based IDS technology faces great challenges due to increasing network bandwidth. Because of high intelligence requirements, IDS system requires high performance of both software and hardware. But currently most IDS focus on only software or hardware performance, so it's difficult to reach requirements under high-speed network.This project works based on Scientific and Technological Innovation Fund Projects "High-speed Network Processor-based IDS system". It studies how to improve properties of IDS under high-speed network environment form both hardware and software design.On one hand, it uses Intel's IXP2800 to replace general-purpose processor to handle gigabit-class traffic.On the other hand, the system employs simply and effective algorithm to meet the hardware and high-speed network environment.Considering the intruders mostly scan ports to obtain network information, this paper plan to design and implement a port scan detection module integrated in IDS sytem based on detailed analysis of IXP2800's high-speed networks processing ability.The modules make full use of IXP2800's parallel processing system with simple and effective detection methods to achieve online real-time detection. We try to effectively prevent the invasion at the same time when traffic entering the network, and construct an effective barrier of IDS to reduce the pressure of the core components.The paper gives a detailed performance analysis of port scan detection module, and set up a test environment to test it. The results shows that the port scan detection module can make full use of IXP2800 high-speed processing properties, to achieve the functions of detecting targets at the same time, to achieve the delicate environment of online speed system-level latency, no packet loss during testing.The main achievement of this paper is it integreat an effective and easy port scan module in real-time IDS system. The module makes full use of the hardware and software advantage of IXP2800, and raise up the processing capacities of the system.