Distributed Intrusion Detection System Research And Application Of Teaching Network

Posted on: 2011-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: X G Li
GTID: 2178330332958852
Subject: Computer application technology
Abstract/Summary:
With the development and popularization of computer networks, the problem of network security is becoming more and more serious. As a proactive network security solution, an intrusion detection system collects and analyzes information from a number of key nodes in the network in order to find behavior that violates the security policy. An intrusion detection system can not only detect external attacks but also monitor unauthorized internal activity. It extends the administrator's security management capabilities, improves the integrity of the network security infrastructure, and effectively compensates for the shortcomings of traditional security protection technology. It is considered the second security gate after the firewall. Therefore, we should pay more attention to intrusion detection systems. Distributed intrusion detection is one of the hotspots in network security.

Based on pattern matching, Snort is a lightweight network intrusion detection system. Its extensibility and cross-platform capability allow it to serve multiple operating systems and application environments. In this paper, based on research into Snort's architecture, we analyze in detail the structure and parsing process of Snort's rules. Because network attacks are concentrated in time, a dynamic sorting method for the Snort rule chain is proposed. Experiments show that, although this method increases the initialization time of Snort's rule chain, it greatly improves the matching speed of Snort's rules.

Existing intrusion detection systems cannot detect pornographic information when students are learning over the Internet, so an anti-pornographic rule base is designed for the teaching network environment. By calling Snort's main functions and the asymmetric information comparison module, a distributed intrusion detection system suitable for a teaching network is built. It can provide early-warning detection when it finds risky information, viruses, illegal operations, or malicious attacks during students' access to the Internet. The system modules include a console module, distributed probes, an asymmetric information comparison module, and an anti-pornographic module. Each probe mainly contains a data packet capture module, a protocol analysis module, an intrusion matching module, an exception processing module, and a rule parsing module. Experiments show that the system has a positive effect when students encounter pornographic information on the Internet, which is important to the teaching environment.
Keywords/Search Tags:rule analysis, anti-pornographic rule base, distributed probes, pattern matching, protocol analysis