The Research And Design Of Network Intrusion Detection System Based On Protocol Analysis

With the rapid development of the network technology, the daily life is heavily dependent on the Internet information access nowadays. And the network security, as one of the critical issues, has been ceaselessly developed. The passive network security technologies, such as encryption and firewall, are insufficient to provide effective guarantees of network security. As an active network security technology, Intrusion Detection System (IDS) could detect the unauthorized intruder to the system and it could also monitor the authorized ones to access the system resource illegally. Based on the protocol analysis, some new network security monitor model and its detailed implementation were proposed in the paper.There are some great challenges to the network intrusion detection system today, such as: (1) how to raise the detecting speed to meet the increasing bandwidth;(2) how to reduce the false alert or missed alert to enhance the detecting accuracy;(3) how to improve the cooperation with other security products. Some improvement on the system architecture and detection method of the IDS has been achieved.Intrusion detection technique is the key of IDS. Some new detection method based on the protocol analysis is proposed, combining with the pattern match and the decision tree. Integrated with the finite automata theory, the protocol status analysis model was implemented so as to detect the abnormity of TCP. The experiment showed that it could improve the accuracy and efficiency of the IDS.