With the Internet global, the Network Security had been paid more attention , security experts become to know that the traditional security techniques cannot meet nowadays security request, which needs to combine many security techeniques. Firewall techniques executes the access controll of intranet and internet. Intrusion Detection System is new generation security technique which follows firewall and data crypt techniques, which detects and responses the illegal use of the computer and network resources.This thesis designs Intrusion Detection System based on proxy (PNIDS) after by degrees discussing HTTP proxy server of firewall and Intrusion Detection technique.Detecting engine is core of PNIDS, pattern matching is being applyed in intrusion detection. After analysing the being pattern matching algorithm , under the circumstance of main string is very long and patterns is shorter, this thesis introduces a improved BMH algorithm , enhancing detection efficiency.The PNIDS combines firewall and intrusion detection, it has both their advantages.It conquers their isolating application limitation in tradition , Therefore, it has the ability of detection, report and response. While ensuring the nice security of the system we also paid attention to improving its performance and usability in the system.
|