Intrusion detection systems (IDS) are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network and analyzing them for signs of security problems. As network attacks have increased in number and severity over the past few years, intrusion detection systems have become a necessary addition to the security infrastructure of most organizations. Network-based intrusion detection systems (NIDS) use raw network packets as their data source and analyze all traffic in real time as it travels across the network. Current IDS work focuses on network-based rather than host-based IDS. NIDS struggle to keep pace with the rapid growth of network bandwidth. This paper designs a network intrusion detection system for high-speed networks. It introduces several new designs to overcome the faults of past systems and to detect attacks more accurately and efficiently. In this paper we improve the traditional packet acquisition procedure using zero-copy technology. To remove the bottleneck in a high-speed network environment, we combine the ideas of the Boyer-Moore algorithm with those of the Aho-Corasick algorithm and describe a faster multi-pattern matching algorithm named AC_BM. Protocol analysis technology is applied to both parts of this work; it greatly improves the performance of the IDS and reduces the false-positive and false-negative rates. We then design a detection rules database based on Common Vulnerabilities and Exposures (CVE) and propose a feasible scheme for it. Finally, this paper performs performance tests and analysis of the system and compares it with the old system.
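To make the multi-pattern matching step concrete, the following is an added example (not code from the paper): a plain Aho-Corasick automaton that scans packet payloads against a small rule set in a single pass and reports which rule matched at which byte offset. It does not implement the paper's AC_BM variant, whose Boyer-Moore skipping is not described in the abstract; the rule identifiers, patterns and payloads are constructed placeholders, not real signatures or CVE entries. A naive scan is included so the automaton's output can be cross-checked.

```python
from collections import deque

# Constructed rule set: (rule id placeholder, byte pattern, description).
# These are illustrative, not real IDS signatures or CVE-derived rules.
RULES = [
    ("RULE-0001", b"/etc/passwd", "sensitive file path in request"),
    ("RULE-0002", b"../../", "directory traversal sequence"),
    ("RULE-0003", b"UNION SELECT", "SQL injection keyword pair"),
]


class AhoCorasick:
    """Classic Aho-Corasick automaton over bytes: build a trie of all
    patterns, add failure links by BFS, then scan input in one pass."""

    def __init__(self, patterns):
        self.goto = [{}]   # goto[state] maps next byte -> state
        self.out = [[]]    # out[state] lists pattern indices ending here
        self.fail = [0]    # fail[state] is the longest proper suffix state
        for idx, pat in enumerate(patterns):
            node = 0
            for b in pat:
                nxt = self.goto[node].get(b)
                if nxt is None:
                    self.goto.append({})
                    self.out.append([])
                    self.fail.append(0)
                    nxt = len(self.goto) - 1
                    self.goto[node][b] = nxt
                node = nxt
            self.out[node].append(idx)
        # Failure links in breadth-first order so fail[s] is finished
        # before any deeper state s that refers to it.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                state = self.fail[r]
                while state and b not in self.goto[state]:
                    state = self.fail[state]
                self.fail[s] = self.goto[state].get(b, 0)
                # Inherit outputs of the suffix state so overlapping
                # patterns are all reported.
                self.out[s].extend(self.out[self.fail[s]])

    def search(self, data):
        """Return (pattern index, end offset) for every match in data."""
        state, hits = 0, []
        for i, b in enumerate(data):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            for idx in self.out[state]:
                hits.append((idx, i))
        return hits


def build_matcher(rules=RULES):
    return AhoCorasick([pat for _, pat, _ in rules])


def scan_payload(matcher, payload, rules=RULES):
    """Alerts as sorted (rule id, start offset) pairs for one payload."""
    alerts = set()
    for idx, end in matcher.search(payload):
        rid, pat, _ = rules[idx]
        alerts.add((rid, end - len(pat) + 1))
    return sorted(alerts)


def naive_scan(payload, rules=RULES):
    """Reference implementation: one bytes.find loop per rule."""
    alerts = set()
    for rid, pat, _ in rules:
        pos = payload.find(pat)
        while pos != -1:
            alerts.add((rid, pos))
            pos = payload.find(pat, pos + 1)
    return sorted(alerts)


# Constructed sample payloads (not captured traffic).
PAYLOADS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /cgi-bin/x?f=../../etc/passwd HTTP/1.1",
    b"id=1 UNION SELECT password FROM users",
]

if __name__ == "__main__":
    m = build_matcher()
    for p in PAYLOADS:
        print(p[:40], scan_payload(m, p))
```

The second payload shows why output inheritance via failure links matters: the traversal sequence and the file path overlap by one byte, and both rules fire from a single pass over the input.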