The Research And Design Of Distributed Intrusion Detection System Based On Network Processor

With the rapid development of computer and network techniques, network security has been paid more and more attention around the world. To take the place of traditional security program, intrusion detection (ID) becomes a new generation to an organizational information security program. As a key factor of information security program, intrusion detection provides critical protections from potential attempts to exploit computer resource vulnerabilities which greatly fetched up the limitation of access controlling and identity authentication. Intrusion detection has been become the research hotspot in the field of network security.Based on the former research of ID, this paper designs a distribuited network intrusion detection system model-DNIDS. By using network processor ixp2400 as hardware platform, utilizing the high performance and flexibility of ixp2400, applying high efficiency pattern matching algorithm based on tcam, using the intrusion detection technology based on protocol analysis, DNIDS analyzes intrusion from outside and activities without authorization from inside and provides real time alert and automatic responses.Aimed to the key technology of intrution detection, the three goals as followed are focused on.Firstly, a tcam-based pattern matching algorithm is proposed. Pattern matching algorithm is vital for intrusion detection based on misuse. The speed of pattern matching directly influences the speed and accuracy of intrution detection system. This paper presents a team-based pattern matching method, which improves the speed and avoids some lacks resulting from the increasing of the rule amount in traditional pattern matching.Secondly, a protocol analysis algorithm is researched. By using the knowledge of network protocols, protocol analysis can accurately capture the character of intrusions and improves the performance of intrusion and reduces the misapprehensive and transudatory rates.Thirdly, the design of communication component in DNIDS is proposed. In order to content the communication demands among the system, this paper prsents a design of communication component which could ensure real time alert and the confidentiality of transferred data.