Study And Design Of Network Intrusion Detection System

The openness of internet offers great convenience of information sharing and exchange, accompanied with crucial challenges to information security. As a kind of active measure of information assurance, intrusion detection acts as the effective complement to traditional protection techniques. Intrusion detection system is new generation of safety protection technology after firewall, data encryption security. It carries on the recognition and the response to the malicious use behavior of the computer and the network resources, not only from the exterior, but also from the internal. By real-time analyzing network data packages, network intrusion detection system can detect latency intrusion; greatly contribute to improving the assurance ability of information systems and reducing the extent of security threats. However, the increasing expansion of the network scale and the increasing renewal of the intrusion method require intrusion detection system with higher quality.Based on the research of IDS developing status and direction at home and abroad, the author puts forward the idea that pattern matching combines with the technology of protocol analysis. Then ,after deeply having a study on common pattern matching methods of IDS, the author brings forward an improved pattern matching algorithm-NFMSA, introduces the method of latest protocol analysis to the network intrusion detection system so that misuse detection can be integrated with anomaly detection, and detailedly sets forth the model and design process of network intrusion detection system based on pattern matching and protocol analysis. Finally, the system is proved to have usability and high efficacy and efficiency of detection with experiment.The main work and novel ideas of the thesis are showed as following:The detailed description of network safety status and IDS's situations and defections.The detailed survey of definition, classification, principle, directions of Intrusion Detection System.Based on the deeply study typical pattern matching methods of IDS, the author puts forward multi-pattern matching algorithm, improving system completement, detection efficacy and efficiency.Based on research of the principle of TCP/IP protocol analysis, the author constructs Intrusion Detection System frame with combination of the technology of pattern matching and protocol analysis. Combined the Simple Protocol Analysis technology with Stateful Protocol Analyzed technology, intrusion detection system can detect existing attacks high speedly.The design and development of Intrusion Detection System prototype system, testing parts of system modules and analysis the result of experiments.