
Design And Realization Of Intrusion Detection System

Posted on: 2007-04-17
Degree: Master
Type: Thesis
Country: China
Candidate: X F Liu
GTID: 2178360212458431
Subject: Computer application technology

Abstract/Summary:
As the economy and technology develop, networks occupy an increasingly important position in people's lives. At the same time, the security problems that networks cause are drawing more and more attention: every year, network security problems such as hacker intrusions and virus infections cause economic losses that increase annually and have reached thousands of millions of dollars. This requires that we pay attention to network security. As an active network security protection technology, an intrusion detection system not only detects intrusions by hackers from the external network but also monitors intranet users. It identifies and responds to malicious use of host and network resources.

The thesis first introduces intrusion detection systems. There are two kinds of intrusion detection analysis methods: misuse detection and anomaly detection. Today, the most popular IDS is the network intrusion detection system that uses the misuse detection method. Misuse detection technology is used to implement network-based intrusion detection systems, and pattern matching is used in misuse detection. Misuse detection first analyzes known attacks and extracts their characteristics, then checks whether a network packet matches the intrusion rule set to determine whether an intrusion has happened.

Secondly, building on an introduction to common intrusion methods and the state of the art of network IDS, the thesis discusses contemporary challenges and trends for IDS.

Finally, the author designs and implements a network IDS that adopts protocol analysis and pattern matching. It uses the rules defined in Snort, and a parsing program for the rules has been implemented. The speed and efficiency of rule detection are improved by establishing an indexed linked list of rule options and dynamically adjusting the rule order. Depending on the protocol, the preprocessing module includes protocol data decoding, IP fragment reassembly and TCP stream reassembly. The rule detection module improves the matching algorithm and increases the system's performance, making the system run faster.

Keywords/Search Tags:network security, intrusion detection, pattern matching, protocol analysis, rule parsing
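
A sketch of the pipeline the abstract outlines (parse Snort-format rules, index them, match packet payloads, move rules that fire toward the front of their chain), added here as an example and not taken from the thesis. The sample rules and sids are constructed, and the `(protocol, destination port)` index key and hit-count reordering are assumptions, since the abstract does not say how the thesis builds its index or adjusts rule order.

```python
import re
from dataclasses import dataclass

# Snort rule shape: action proto src sport dir dst dport (options)
HEADER = re.compile(r'^(\w+)\s+(\w+)\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+(\S+)\s*\((.*)\)\s*$')
OPTION = re.compile(r'(\w+)\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')

@dataclass
class Rule:
    proto: str
    dst_port: str
    msg: str
    contents: list   # byte patterns taken from content:"..." options
    hits: int = 0

def decode_content(s):
    """Snort content syntax: literal text with |hex bytes| sections."""
    parts = s.split("|")
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode("latin-1")
                    for i, p in enumerate(parts))

def parse_rule(line):
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a rule: " + line)
    _action, proto, dport, body = m.groups()
    opts = OPTION.findall(body)          # quoted options only (msg, content)
    msg = next((v for k, v in opts if k == "msg"), "")
    return Rule(proto, dport, msg, [decode_content(v) for k, v in opts if k == "content"])

class Detector:
    def __init__(self, lines):
        self.index = {}   # (proto, dst_port) -> rule chain (assumed index key)
        for r in map(parse_rule, lines):
            self.index.setdefault((r.proto, r.dst_port), []).append(r)

    def inspect(self, proto, dst_port, payload):
        """Return the msg of the first matching rule, else None."""
        for key in ((proto, str(dst_port)), (proto, "any")):
            chain = self.index.get(key, [])
            for r in chain:
                if r.contents and all(c in payload for c in r.contents):
                    r.hits += 1
                    chain.sort(key=lambda x: -x.hits)  # hot rules first; stable on ties
                    return r.msg
        return None

# Constructed sample rules (not from the thesis or the Snort rule set)
RULES = [
    'alert tcp any any -> any 80 (msg:"constructed: traversal in URI"; content:"../"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"constructed: cmd.exe in URI"; content:"cmd.exe"; sid:1000002;)',
    'alert tcp any any -> any any (msg:"constructed: CRLF pair"; content:"|0d 0a 0d 0a|"; sid:1000003;)',
]
```

Because `inspect` stops at the first match, the order of each chain determines how many rules are tested per packet, which is where reordering by hit count saves work.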