| With the rapid development of computer and network, when more and more company and user surf Internet, network security becomes an unavoidable problem people have to face. Firewall is the first line of defense traditionally. Now single firewall can' t protect network security in that hacker have more and more enriching knowledge and evasion tool and means become more and more complex. It is necessary to adopt a deep and multiplex method. Under this background, intrusion detection has been an active research field at all times since 1980's. As one important component of detecting illicit activities it aims at computer and network and preventing them from destroying, Intrusion Detection System was born. Based on the resource of detecting data, the Intrusion Detection System could be divided into two types, one is the Network-based IDS(NIDS) and the other is the Host-based IDS(HIDS). As the NIDS could be accurately defined, easily deployed and has good performance, at present, it is used widely. First, model, constitutes, category, trend and problem of IDS is presented, and then pattern match which is applied widely is introduced from the aspect of theory and technology. In this thesis, the shortcoming of four parts of the NIDS is analyzed, which are defined by the Common Intrusion Detection Framework (CIDF). Also in this thesis, principle and performance data of BM arithmetic of Snort are discussed in detail. an open source-code system, the Snort, is discussed to give some methods to improve its rule matching system and the speed of intrusion detection. The methods that is adopting special character string algorithm to reduce the frequency of string matching. Every method and its experimental data are attached.
|
PDF Full Text Request