
Study And Design Of Network Intrusion Detection System Based On TCP/IP Protocol Analysis

Posted on: 2004-12-25
Degree: Master
Type: Thesis
Country: China
Candidate: W T Liu
GTID: 2168360092997889
Subject: Computer application technology
Abstract/Summary:
Intrusion events occur frequently, and it is not enough to build a security system from the defensive side alone. The IDS (Intrusion Detection System) is a newer type of security protection technology that follows traditional methods such as firewalls and data encryption. It identifies malicious use of host and network resources. It not only detects intrusions by external attackers but also monitors intranet users. Intrusion detection is an active network security protection technology.

Firstly, this paper introduces network security problems and methods, including network security goals, network threats, traditional network security technology and the PPDR network security model.

Secondly, this paper discusses the IDS in detail. The author covers many aspects of intrusion detection, including its motivation, functions and standards. An IDS can be classified into two types according to its data source: host-based and network-based. This paper discusses intrusion detection models and intrusion detection technology. There are two intrusion detection analysis methods: anomaly detection and misuse detection.

Thirdly, this paper discusses the theory of network intrusion detection system design and architecture. The placement of the IDS is discussed, especially the placement of the network monitor. The author also introduces the data sources and response technology.

Finally, the author studies NIDS technology on Linux, including intrusion techniques and system design. TCP/IP protocol analysis technology is discussed in this part. The whole system framework is divided into seven parts: network packet capture module, network protocol analysis module, rules analysis module, intrusion event detection module, response module, storage module and interface management module. BPF theory and libpcap are discussed in the network packet capture module; they make the system design compatible.

The author designs and implements the techniques for capturing network data and for protocol analysis. The author also designs an intrusion event language. In protocol analysis, the analysis of IP, TCP, UDP and ICMP is discussed in detail. This paper discusses the intrusion analysis methods used in the NIDS, including pattern matching and protocol analysis, and compares the two. Using protocol analysis in an intrusion detection system can make it more accurate and more efficient. In the storage module, the network data is stored in a MySQL database so that it can be analyzed afterwards. In building the intrusion event language, the signature, rule format, rule options and rule-matching process are discussed. The intrusion event language makes intrusion events easier to define and makes the IDS easier to extend.
Keywords/Search Tags: TCP/IP Protocol Analysis, Intrusion Detection System, Intrusion Event Rules, Network Safety