
Study And Implementation Of Network Intrusion Detection System Based On Protocol Analysis

Posted on: 2007-08-14
Degree: Master
Type: Thesis
Country: China
Candidate: H X Zhu
Full Text: PDF
GTID: 2178360182478038
Subject: Computer application technology
Abstract/Summary:
As networks have come into widespread use, network threats have become larger and more complex than before, and network security has become increasingly important. Network security is a dynamic systems-engineering problem, and a single security product is not enough to build it; a three-dimensional security system that includes anti-virus, firewall, network intrusion detection system, vulnerability scanning and other security products has been recognized by industry and users.

A network intrusion detection system, as a proactive security protection technology, provides real-time protection of systems from external intrusion and prevents erroneous operation by internal users. With its dynamic and proactive working principle, intrusion detection technology has become the most important part and an important research topic.

First, this paper discusses network security background, including network security problems, network threats, network security policy and two models of network security. Second, the paper discusses IDS background, including the principles and standardization of IDS.

The paper studies traditional signature analysis technology and a new intrusion detection technology, protocol analysis. Most current network intrusion detection systems use signature analysis, which has disadvantages such as a high error rate, a high missed-detection rate and low detection speed, whereas the protocol analysis method can increase the accuracy of the system, reduce the error rate and increase detection speed.

After studying the basic theory, the author studies and builds the rule description for the system based on protocol analysis. The author introduces the system design objectives and experimental environment, and designs the whole system. The system includes eight modules: network packet capture module, protocol analysis module, rules databases, rules analysis module, storage module, intrusion event detection module and interface management module.

Finally, the author implements a network intrusion detection system based on protocol analysis on the Linux operating system.
Keywords/Search Tags: Network Security, Intrusion Detection System, Signature Analysis, Protocol Analysis