
Snort-Based Distributed Intrusion Detection System

Posted on: 2007-12-11
Degree: Master
Type: Thesis
Country: China
Candidate: X M Ling
Full Text: PDF
GTID: 2178360185483019
Subject: Applied Mathematics

Abstract/Summary:
Network and information security problems are becoming more and more serious. Countries around the world attach great importance to the damage caused by hacker intrusion, information leakage and virus outbreaks, and every country treats information security as a matter of national security. Our national security work therefore requires deeper research into information security technology. Intrusion detection is a new security technology, distinct from traditional protection technologies such as firewalls and data encryption, and it is the subject of this study. Snort is a lightweight and powerful IDS that is flexible and can be used in a variety of situations.

This article first analyses the security threats present in network applications, the basic considerations of network security, the PPDR model of network security architecture and the place of IDSs in this model. It then sets out the basic structure and system of IDSs, and the characteristics and structure of Snort. Based on these analyses, placement policies and solutions are introduced. Finally, solutions for establishing a complete network security structure and for securing the IDS itself are introduced. In addition, we study the Connect-history algorithm and find that implementing it on a virtual honeynet can greatly improve the worm detection ability of Snort.

The focus of this article is building an IDS using Snort and improving the rule matching algorithms of the Snort system: adding width search and dynamically adjusting the rule order to improve search speed. The experiment indicates that with these two methods matching is 19.99% and 20.50% quicker than before, which shows that the improvements to Snort's rule matching algorithms increase the checking speed.
Keywords/Search Tags:IDS, PPDR, Snort