| The openness of Internet offers great convenience of information sharing and exchange, accompanied with crucial challenges to Information Security. As a kind of active measure of Information Assurance, Intrusion Detection acts as the effective complement to traditional protection techniques.By Real-time analyzing network data packages, Network Intrusion Detection System can detect latency intrusion, greatly contribute to improving the assurance ability of information systems and reducing the extent of security threats.The Pattern-matching technique is just the core of misuse IDS. In this dissertation, after particular researching the traditional pattern-matching algorithm, we propose a good-efficiency Multi-pattern-matching algorithm, which is named E-BM. In course of disposing large-scale patterns, using the E-BM algorithm consumes much less time than using the BM algorithm. Applying the E-BM algorithm into the IDS, we find the checking speed and efficiency of the IDS is improved clearly.We propose a BM-based NIDS, which is named WNIDS. According to CIDS(Common Intrusion Detection System), we divide the WNIDS into four functional modules, the data package taking and analysis module, the preliminary dispose module, the detection module and the log and alert module. Then, explain and realize the four modules respectively. The whole system frame uses "insert" mode increases system's flexibility.Lastly, we test the checking efficiency of the E-BM algorithm by experiment. To the result of the experiment, E-BM algorithm improves the checking efficiency of IDS clearly in course of disposing large-scale patterns. |
PDF Full Text Request