
Research Of The Active And Preventable Intrusion Detection System

Posted on: 2007-11-03
Degree: Master
Type: Thesis
Country: China
Candidate: S W Zhou
Full Text: PDF
GTID: 2178360185495926
Subject: Computer application technology

Abstract/Summary:
In general, an Intrusion Detection System (IDS) consists of four components: event generators, event analyzers, response units, and event databases. The key component of the four is the event analyzer. In a network IDS the event database receives a large number of network packets, so analyzing them by pattern matching consumes much time and many system resources. Most modern network intrusion detection systems inspect packets at a speed of tens of MB, while network traffic is growing at a speed of hundreds or thousands of MB. Conventional software-implemented string matching algorithms have not kept pace with the increasing network speeds, which results in a potential bottleneck. In this paper we therefore improve the AC-BM algorithm to address this bottleneck.

Besides the IDS, our computers are probably also running firewalls, bug-scanning tools and so on. Securing the whole system requires these security components to exchange information, cooperate harmoniously, respond to detected attack actions and block the attacks. In addition, spyware and advertising software also trouble us. We therefore built an active and preventable module, based on our improved AC-BM algorithm, to address these problems.

We first introduce the concepts, models and classification of IDS, then CIDF and the disadvantages and limitations of IDS; from this the purpose, status and background of the paper follow. We introduce the necessary networking knowledge and how to capture network data. We also introduce the functions and data structures of Libpcap, because in the Linux OS packets are captured through Libpcap functions. We mainly illustrate the application that captures network packets and print out the result of our experiment. We briefly introduce the TCP/IP model, encapsulation, header formats and data structures of TCP/IP, and so on.

These introductions are important because our packet protocol analysis and payload analysis depend on them. Of course, our emphasis is on how to analyze packets, how to design the models and how to realize the applications; finally, we print out the result of our experiment. We then illustrate how the AC-BM algorithm is improved, introducing its principle, its implementation, and so on. We also tested the improved AC-BM algorithm and analyzed the results. We built an active and preventable module to achieve deeper prevention and harmonious cooperation, and we tested anti-scan, anti-spyware and anti-advertising-software functions. In the end, we summarize our work and present our plans for future work.
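The abstract describes two steps that the event analyzer performs on every captured packet: protocol analysis (walking the Ethernet, IP and TCP encapsulation to reach the payload) and payload analysis (matching the payload against a set of signatures in one pass). The following is an added example written for this page, not code from the thesis: it decodes a constructed Ethernet/IPv4/TCP frame and then runs a plain Aho-Corasick automaton over the payload. Aho-Corasick is the "AC" half of AC-BM; the Boyer-Moore skip heuristic and the thesis's own GAC-BM improvement are not reproduced here. The signature list, the packet bytes and all function names are assumptions chosen for illustration.

```python
import struct
from collections import deque


def build_frame(payload: bytes) -> bytes:
    """Construct an Ethernet + IPv4 + TCP frame around PAYLOAD (sample data, not a capture)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", 0x0800)          # dst, src, EtherType=IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))          # proto=6 (TCP)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)  # data offset=5 words
    return eth + ip + tcp + payload


def decode_tcp_payload(frame: bytes):
    """Protocol analysis: Ethernet -> IPv4 -> TCP. Returns (src, dst, sport, dport, payload) or None.
    Every length field is checked against the bytes actually present before it is trusted."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6 or ihl < 20 or ihl > total_len or total_len > len(ip):
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or doff > len(tcp):
        return None
    return src, dst, sport, dport, tcp[doff:]


class AhoCorasick:
    """Multi-pattern matcher: one pass over the data finds every occurrence of every pattern."""

    def __init__(self, patterns):
        self.goto, self.fail, self.out = [{}], [0], [[]]   # state 0 is the root
        for p in patterns:
            self._add(p)
        self._build_failure_links()

    def _add(self, pattern: bytes):
        s = 0
        for b in pattern:
            if b not in self.goto[s]:
                self.goto.append({}); self.fail.append(0); self.out.append([])
                self.goto[s][b] = len(self.goto) - 1
            s = self.goto[s][b]
        self.out[s].append(pattern)

    def _build_failure_links(self):
        queue = deque(self.goto[0].values())          # depth-1 states fail to the root
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] = self.out[s] + self.out[self.fail[s]]   # inherit suffix matches

    def search(self, data: bytes):
        """Return [(offset, pattern), ...] for every match, in order of the match's end position."""
        hits, s = [], 0
        for i, b in enumerate(data):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            for p in self.out[s]:
                hits.append((i - len(p) + 1, p))
        return hits


# Illustrative signature list (an assumption for this example, not the thesis's rule set).
SIGNATURES = [b"/etc/passwd", b"cmd.exe", b"<script>"]


def scan_frame(frame: bytes, matcher: AhoCorasick):
    """Payload analysis: decode the frame, then report (src, dst, sport, dport, offset, signature)."""
    decoded = decode_tcp_payload(frame)
    if decoded is None:
        return []
    src, dst, sport, dport, payload = decoded
    return [(src, dst, sport, dport, off, sig) for off, sig in matcher.search(payload)]


if __name__ == "__main__":
    matcher = AhoCorasick(SIGNATURES)
    frame = build_frame(b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n")
    for hit in scan_frame(frame, matcher):
        print(hit)
```

The automaton is built once from the signature set and reused for every packet, which is where the time saving over scanning each signature separately comes from; the decoder rejects frames whose length fields disagree with the bytes present rather than reading past the buffer.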
Keywords/Search Tags: intrusion detection, misuse detection, protocol analysis, GAC-BM algorithm, active and preventable module