
The Research And Implementation Of NIDS Based On IXP2400

Posted on: 2005-09-19
Degree: Master
Type: Thesis
Country: China
Candidate: B Zhang
GTID: 2168360125464276
Subject: Computer application technology
Abstract/Summary:
Intrusion detection systems (IDS) play an important role in critical infrastructure protection mechanisms. Currently, it is impossible to avoid network intrusion entirely. Network security administrators should do their best to discover intrusions and the intent to attack so that they can take effective measures to block leaks and repair the computer system.

Research on intrusion detection has achieved a great deal. With further study of computer systems and intrusion behavior, many detection methods have been brought forward, such as expert systems, neural networks, data mining and mobile agents. In practice, however, use is limited to anomaly detection and misuse detection. Furthermore, misuse detection concentrates on signature matching, i.e., string matching. The difficulty of intrusion detection in fact lies in detection efficiency, fault alerts and failure alerts. As for detection efficiency, we can adopt hardware to overcome it. In this article, we bring forward a solution that realizes a network intrusion detection system (NIDS) based on the Intel network processor (IXP2400). It can decrease fault alerts and failure alerts while improving detection efficiency. I think it is practical for current high-speed enterprise networks.

This article consists of three parts: IDS research, the Intel network processor, and the design and realization of the solution. In the first part, the network security problem, intrusion detection theory and CIDF are introduced. We then discuss the current problems of intrusion detection, which the solution in this article is put forward to overcome.

In the second part, we mainly introduce the Intel network processor and its principles. The hardware structure of the IXP2400 and its advantages as a platform for intrusion detection are also described in detail.

The last part, the most important part of this article, concentrates on the design and realization of the solution, including packet receiving, intrusion detection, the thread scheduler and performance optimization.

In this article, we attach importance to detection arithmetic, data communication between threads and the communication protocol used to transfer alert information in the detection entity. According to the requirements, we realize a NIDS based on the IXP2400 that has the essential functions.
Keywords/Search Tags:IDS, IXP2400, NP, CIDF, Micro Engine, Pattern match, Network security