NIDS Based On The Enterprise Network Applications

Posted on: 2009-05-14
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Chen
Full Text: PDF
GTID: 2208360242985778
Subject: Computer application technology
Abstract/Summary:
This thesis summarizes the current state of intrusion detection research and analyzes in depth the main intrusion detection technologies, methods, and architectures. It presents the problems that intrusion detection technology faces and the trends in its research, and it investigates, in both research and practice, the main technical difficulties of the field.

The theoretical framework of IDS is generalized in order to create a unified base for IDS research. We begin by demonstrating the necessity of intrusion detection and giving the concepts and models of intrusion detection systems, then detail the various detection methods and architectures. We also describe why intrusion detection technology developed, its current status, and the direction in which it is heading.

We then elaborate on the principle of data capture. Because packets are captured with WinPcap functions on the Windows OS, we introduce the functions and data structures of WinPcap. We mainly illustrate the application that captures network data packets and print out the results of our experiment. We briefly introduce the four-layer TCP/IP model, the packet analysis process, and the TCP/IP protocol formats and data structures.

The principle of data analysis, the module design, and the program implementation are described in detail. We introduce the classical BM algorithm for pattern matching and its principle. Because the BM algorithm itself is hard to improve, we program a new algorithm based on the idea and principle of pattern matching algorithms; the new algorithm is improved in the direction and speed of matching. We tested the new algorithm and analyzed the results.

We found some problems and defects, and to resolve them we present an improved IDS model. The improved model is composed of a primary central control machine and many intrusion detection terminals. Both detect internal and external attacks, carry out a linked response together with the firewall, and provide interfaces that let users extend and integrate the system. The distinguishing trait of the improved model is that it combines the accuracy of pattern matching with data mining technology and a self-learning capability, so that the IDS not only detects attacks with known signatures but also finds hidden, latent attacks.

Finally, we summarize our work and present our plans for the future.
Keywords/Search Tags: intrusion detection, intrusion detection system, protocol analysis, pattern matching, BM algorithm