Design And Implementation Of Anomaly-based Network Intrusion Detection System

Nowadays, information technology develops much fast. The Internet financial gets great progress, the network security, especially the network financial security has been paid much more attention by companies and users. IDS(Intrusion Detection System) is a kind of active defense technology, which developed into professional intrusion detection system gradually in the middle of 1980 s. Convinced by its rapid development, more and more companies use IDS instead of firewall as the most reliable supervising system.The design and application of intrusion detection system is studied in this system in which aiming to integrated intrusion detection system for the financial management platform of Straight Flush, to remind users of possible problems leading by abnormal operation, and to protect system files, so as to guarantee the security of trading process. Basing on current financial situation and related policy of CSRC, this system formulates the template library of intrusion and normal behavior for pattern matching technology. It employs BM tech which is 3-5 times faster than KMP tech, and it simultaneously combines the abnormal analysis and pattern matching techniques to establish the outline of no rmal operation, which effectively makes up for the misinformation of abnormal non-invasion behavior of KMP tech. This paper mainly discusses the requirements of system, the design of framework and function. It contains 3 parts: data acquisition module, intrusion detection module, and warning module. This article also introduces the completion port technology which is applied by the data acquisition module in detail, and this technology shows better performance in efficiency than WSAEventSelect technology used by common system application. Warning module application technology combines active warning and passive warning so that the system can handle the identified intrusion behavior, and inform the administrator of abnormal non invasive behavior. By providing the interface of abnormal account operation, it is more convenient to reduce the rate of false positives.This paper firstly analyzes the present situation of network security, pointing out the significance of intrusion detection system. Then it states te chnical features of the system design and application. Finally it introduces the test results of the system.