
Research And Implementation Of Distributed Intrusion Detection System Based On The Snort

Posted on: 2013-06-15
Degree: Master
Type: Thesis
Country: China
Candidate: C Z Yin
GTID: 2248330392954213
Subject: Control Engineering

Abstract/Summary:
With the development of network technology, computer network security problems are increasing day by day, and traditional firewall technology finds it more and more difficult to meet the demands of network security protection. On the one hand, the firewall is designed to resist attacks from outside the network; however, attackers' methods are ever-changing, which makes the attacks very hard for the firewall to detect. On the other hand, the firewall can do nothing about attacks from the internal network. To compensate for these shortcomings of traditional security technologies, the intrusion detection system (IDS) came into being.

The pattern matching algorithm plays an important role in an intrusion detection system, so the efficiency of the matching algorithm has an important influence on IDS performance. At the same time, hackers' means of attack are constantly updated, which makes the traditional deployment of intrusion detection systems very difficult to keep effective. The distributed intrusion detection system (DIDS) has therefore become the focus of research in this area. This paper takes Snort as its main research object and improves Snort's pattern matching algorithm (the BM algorithm). To improve the efficiency of the intrusion detection system, we have researched a distributed intrusion detection system based on Snort. The major work of this dissertation is as follows:

1) First, the article introduces the basic concepts of intrusion detection systems, including the definition, the principles of intrusion detection, classification and workflow. It focuses on the analysis of two typical DIDS system models, which provides the theoretical basis for building the Snort-based DIDS model.

2) It researches and analyzes several commonly used pattern matching algorithms: the KMP algorithm, the BM algorithm and the BMHS algorithm. Each is analyzed in detail, from its basic principles to its matching process, and is implemented as a C program. On this basis, the paper proposes a fast pattern matching algorithm based on the BM algorithm, the IBM algorithm. The algorithm uses the two text characters following the current matching window to determine how far the pattern string shifts to the right. Compared with the three algorithms above, the maximum right-shift distance of the pattern string is improved. Experiments show that the improved algorithm effectively improves the efficiency of pattern matching.

3) It builds a Snort-based DIDS model and details the key technologies of the model and the method of implementing the system. The improved algorithm (the IBM algorithm) is used to improve the Snort monitor in the model, and the effect of the improved algorithm is verified by experiments. Finally, the paper points out the inadequacies of the system and the direction of further work.
Keywords/Search Tags: Snort, Intrusion detection, Pattern matching algorithm, Distributed Intrusion Detection System