Research On Intrusion Detection System Based On Pattern Matching And Protocol Analysis

With the extensive application of computer networks and information technology, the security of network is becoming exceedingly critical.Following the firewall, data encryption and other traditional security measures, Intrusion Detection System (IDS) is a new technology of protecting the safety and security of network. It can identify and respond to a malicious use of computer and network resources. IDS can not only detect from external intrusion, but also monitor the unauthorized activities of internal users. Intrusion detection technology is a pro-active technology which protects network security.As the continuous expansion of the scale of the network and the emergence of diverse means of invasion, intrusion detection technology which is based on the traditional pattern matching has been unable to meet the needs of intrusion detection, while protocol analysis can meet the needs because it is the third-generation intrusion detection technology based on highly regular of network protocol. Therefore, the combination of pattern matching and protocol analysis in intrusion detection system gets hot in the field of network security.The paper analyzes the current intrusion detection system, as well as the technology of pattern matching and protocol analysis. In terms of the inadequacy of current intrusion detection system, the author discusses the advantages of the combination of pattern matching and protocol analysis in intrusion detection system in detail and study the importance of the efficiency of pattern matching algorithm in high-speed networks, and a variety of pattern matching algorithms. And then the author also proposes two new algorithms PBM and FCAC_BM. According to the Common Intrusion Detection Framework (CIDF) which is proposed by International Intrusion Detection System Standardization Organization,the author designs an intrusion detection system based on pattern matching and protocol analysis. The system can take full advantage of highly regular of network protocol to detect the existence of an attack so that it can greatly reduce the amount of the testing process and increase the accuracy of detection. Moreover, it can improve the system' s overall performance by using the PBM new improved algorithm in the pattern-matching process. To some extent it solves the problem of the intrusion detection system the high rate of error and omit. In conclusion, the author summarizes the research and presents the next phase of the research.