
Network Security Project Based On Intrusion Detection And Log Audit

Posted on: 2012-03-18
Degree: Master
Type: Thesis
Country: China
Candidate: L L Zheng
GTID: 2178330335961620
Subject: Computer system architecture
Abstract/Summary:
With the development of computer and communications technology, the Internet has become an important medium for transferring and presenting information. Networks are not only gradually changing how people work and live, but also have a tremendous impact on the economy and culture. However, dangers hide behind this convenience, the most evident being network information security issues. The emergence of intrusion detection systems gives people a security lock when they are online. However, current intrusion detection systems have many problems: for example, high rates of missed detections (leakage) and false alarms, no active defense capability, a lack of precise positioning, and not very efficient network protection. The complexity of the network environment determines that security tools must be multi-directional.

An intrusion detection system is a pre-detection system; however, string matching has been the bottleneck to effective detection. This dissertation describes the pattern matching principles of Snort, analyzes the common matching algorithms, and then proposes a method of marking locations in an array. The method records the positions of the character strings that have been matched and stores them in a positioning table used for character matching, much as a routing algorithm uses a routing table. Meanwhile, the rules in the rule base are dynamically sorted and deleted, which can improve the matching speed for common rules.

But the intrusion detection system can do nothing against a new type of network attack and has no solution for responding after an attack. This dissertation analyzes post-event audit schemes, especially log-based audit systems, and then proposes a more intelligent model for network security log auditing. The model dynamically adds rules for network crises, with new rules added and modified according to specific needs. At the same time, adding a log classification system ahead of the log analysis system greatly improves the efficiency of log auditing.

These schemes not only solve the problem of low detection efficiency, but also capture and track characteristics after an intrusion, raise an alarm on risks that exist in the network, and give the appropriate treatment. A response scheme thus covers both the period before an intrusion and the period after it, which protects the network more comprehensively.
Keywords/Search Tags:Snort, Intrusion detection, Rule matching, Log audit, Log collection