
Study Of Distributed Intrusion Detection Based On Pattern Matching And Protocol Analysis

Posted on: 2012-02-11
Degree: Master
Type: Thesis
Country: China
Candidate: Q C Deng
GTID: 2178330338951649
Subject: Computer application technology

Abstract/Summary:
As a new generation of network security protection technology, intrusion detection has received wide attention and research in recent years. Intrusion detection systems and firewalls complement each other and together greatly enhance the security of the entire network environment. Intrusion detection can detect not only attacks from outside the network but also illegal activities within it. Intrusion detection technology has therefore become a research hotspot in the network security field.

For large-scale distributed networks, this paper proposes a network-based distributed intrusion detection system model, and designs and implements a network-based intrusion detection system. It also presents a solution to the single point of failure problem of the distributed intrusion detection system.

The paper analyzes the logical structure of the Snort detection rule tree and uses an improved rule tree. An example verifies that the improved rule tree significantly reduces the number of rules that have to be matched. The matching sequence and the good suffix rule of the BM pattern matching algorithm are also improved and implemented. An example and a program verify that the improved BM algorithm reduces the number of pattern shifts and the number of character comparisons, which increases the speed of pattern matching. Finally, the BM algorithm is implemented in VC++.

In addition, based on the characteristics of the TCP protocol, a stateful protocol analysis method is used. We analyze how to set the time interval ΔT and the threshold N, and prove that ΔT is directly proportional to N, that is, ΔT = kN (k > 0).

The implemented network-based intrusion detection system also keeps statistics on the number of network packets of each protocol, which makes it easy to monitor network traffic. To make the results of protocol analysis and intrusion detection convenient to view, the analysis results for different protocols and the intrusion detection results are displayed in separate lists, and the system can back up the data. At the same time, the filtering function of the agreement acknowledges module reduces the load on the system and improves the security of the intrusion detection system itself.
Keywords/Search Tags:Protocol Analysis, Agreement Acknowledges, NDIDS, Rule Tree, Pattern Matching, Fusion