| Theintrusiondetectionisanemergingtechnologyinthenetworksecuritysystem,itis one kind of initiative defense technology, and it also is the focal point which thenetworksecuritypaysattention.This article introduced the technology about the intrusion detection, conducted theresearch to opening source code network intrusion detection system ---Snort, especiallyto its detection model, detection principle, detection engine and it's work flow, systemframeworkaswellassystemplug-inmechanism, and conductedfollowingtwoaspectsresearch and the improvement in this foundation in view of the deficiency of the Snortsystem pattern matching algorithm and its diary warning document. First, the patternmatching algorithm based on the characteristic, it was proposed in the research toclassics BM algorithm and its in the improvement algorithm foundation, enhanced theintrusion detection efficiencyand the speed, meet the request of the high speed networkto the intrusion detection system's. Next, the diary warning management system wasdesigned and realized, this system used the database middleware technology hasshielded the difference between the different database, at the same time has providedfunction of inquiry, analysis, statistics and so on, enhanced the network administrator'sabilitytoanalyzethediarywarning. |
PDF Full Text Request