Design And Implementation Of Web Based Intrusion Detection System

The Intrusion Detection technology is a complementarity technology for traditional security protecting technology, such as firewall. It can identify and response to malice activities. We can detect, alarm and record intrusion activities with IDS that also could be used in analysis after intrusion events and help user to find system leaks. It also can stop intrusion activities with the linkage of other security technology.Through the study and research of IDS, we implement an IDS based on web in laboratorial environment. It uses pattern matching method and runs under network environment. The IDS gathers network-packet in real time, and sends the analyzed results to database. In the end, user will know network's security status from web analysis module.This thesis consists of three parts: NIDS's design and implementation: We design and implement event generator, event analyzer and response unit through the research of PPDRR Model. Further more, the IDS's speed of detection is improved through the decrease of the times of detection to network-packet by applying new characteristic-string matching algorithm. Network load balancing system: We put forward a network-packet load balancing system that can be achieved by Linux cluster. By this means, IDS's performance will be improved greatly. NIDS based on web: From this module user can get visual and understandable results of intrusion activities which will be useful for user to know current network security status and enhance network's security purposely.