| With the development of Internet, the network services, such as E-Bank and E-Commerce are becoming the part of life. Along with development of Internet, the importance of network security become more stand out and turns into focus of society.The Intrusion Detection technology is a new security technology, apart from traditional security protecting technology, such as firewall and data encryption. It monitors the computer or network and reacts to the vicious intrusion or suspicious activities. It has become more and more important.With the comprehensive analysis of the vulnerability of the network and intrusion behaviors, the network based Intrusion Detection System (IDS) becomes more and more important in network security. In the mean time, this young field also meets many challenges today. These challenges include how to increase the detecting speed to meet the requirement of the band increase, how to reduce the false positive and false negative to enhance the accuracy of the detection as well as how to realize the interoperation among the IDS and other security products.This paper introducing the corresponding background knowledge, the class of the Intrusion Detection technology, common detection method and work theory. Start with user level and kernel level, the paper study the principle of data filter in IDS. Basis of the work, the paper bring the viewpoint that exploders the package snifter in kernel level using NIC driver for improving filter capability of packages in kernel level. At one time, using analytical method of function, bring the viewpoint that optimizes rules tree by tree structure, and decompose subtree by protocol character, and reduces average compare times, efficiency of package filter will be increase by the work. |
PDF Full Text Request