The Study And Application Of Intursion Detection Systems

With the rapid development of computer technology, the Internet has made our life changed a lot. The Internet has become one of the most important communication facilities in today's society, as an information carrier, the Internet plays an important part in our work,study and life. The Internet technology is affecting the development of economic and cultural, at the same time, some people use its convenient way to break the law, the network security issues have become increasingly prominent, the issues make users worry. In order to solve the problem of network security, IDS(Intrusion detection system) was born. The IDS can find out the hidden trouble in the Internet by analyzing the network data. So it can provide the reliable guarantee for network security.Today the network bandwidth increases gradually, and the speed of network transmission grows faster and faster. We must improve the detection efficiency of the IDS to fit the situation. The detect engine is the core of IDS, so the method to improve the efficiency is to optimize and improve the detection engine. As a lightweight intrusion detection system, Snort has formidable detection capability, it can find out hidden threat to ensure network security by real-time analyzing IP packets log and data traffic. Snort can grade the alerts and make different responses for them.Study on the basis of intrusion detection technology, this paper analyzes the research status of the IDS and studies the related concepts and architecture of IDS. In the process of researching,this paper analyzes the key technology, distributed intrusion detection system structure, work principle of the Snort. By comparing common distributed detection system we propose the corresponding solution. We study the application of Snort in the distributed environment of network on the basis of analyzing Snort, provide a visual management interface by setting a number of detection nodes which are based on Snort, and realize the distributed detection through the centralized management and hierarchical distributed structure. By this method, we can increase the usability of Snort, reduce the burden of detection engine and improve its ability to adapt to the network bandwidth.