| Intrusion detection is one of the most important methods to detect and defend network attacks. This paper introduced several issues on snort, which was a famous open-source intrusion detection system and its'improvements. We analyzed the architecture and inner working of snort and then introduced the fast packet classification and rule manager for multi-pattern matching. The new processors of snort are reviewed, too.We designed and implemented an IDS named snorting to support dynamic rule updating based on snort. Snorting divided the system into 2 threads, the detection thread and rule updating thread, by using multi-thread technical. Snorting can update its rule and reload the processors without dropping packets or statistic information. The graphical user interface of snorting can generate snort rules for users, and help users controlling the running level of snorting. Snorting can receive messages from other applications, so we can port it to embedded system easier than snort.In the last chapter we discussed several testing methods of intrusion detection systems. The evaluation of snort and snorting proved that the performance of snorting was equivalent with original snort. |
PDF Full Text Request