The Analysis Of IDS Decoder Module And Implementation Of Reduce IDS False-Positive Rate

Posted on: 2008-12-06
Degree: Master
Type: Thesis
Country: China
Candidate: C R Guo
Full Text: PDF
GTID: 2178360215991501
Subject: Computer application technology
Abstract/Summary:
With the development of computer network technology, computer networks have become a common piece of infrastructure used widely in people's daily lives. At the same time, network security problems have become more and more serious. Firewall technology alone is far from enough, so the Intrusion Detection System (IDS), as a complement to the firewall, has become an important topic in the network security field. At present, however, the use of IDS has given rise to another serious problem: the false-positive rate is too high. An IDS can produce a mass of alerts in a short time, and most of them are not true. This shortcoming causes administrators a great deal of trouble, and because of it people are suspicious of IDS capability. To deal with this problem, this paper proposes using packet filter technology to reduce the high false-positive rate of IDS. First, the paper introduces intrusion detection technology and the Snort IDS, and analyses in detail the protocol decoder model of Snort. It then presents an improved Snort architecture with an added filter module, sets filter rules according to the local network environment, and implements the module in the C programming language. Finally, it evaluates the improvement; the evaluation results indicate that Snort with the added filter module can evidently reduce the false-positive rate. In addition, the paper improves the query and display module of ACID (Analysis Console for Intrusion Databases): the improved ACID can show each alert's priority, which makes the administrator's work more convenient.
Keywords/Search Tags:IDS, protocol decoder, snort, false-positive rate, packet filter, ACID