| A Network Behavior Monitor System(NBMS) is a network log audit and manager system based on Intrusion Detection System(IDS), which has a more intuitionist watch on network behaviors than tradition IDS does. By analyzing the logs parsed by NBMS, the user can make manager strategies correspond to the actions from the network. This article is concerning on the system structure and function implements of a NBMS based on Snort which is a open source IDS.We are first to introduce the basic concepts of IDS and its common used techniques, by writing up the system structure and implements of standard Snort, the system structure and implements of the NBMS will be introduced. The NBMS is made up of three part modules, which are network packets accessing module, database and user interface. This article will mostly introduce the designing of the network packets accessing module, and with the deficiency of standard Snort, an improved technique will be advanced to improve the performance of the NBMS. |
PDF Full Text Request