
Research And Implementation Of An Intrusion Detection System Design Scheme

Posted on: 2008-06-16  Degree: Master  Type: Thesis
Country: China  Candidate: F B Shi  Full Text: PDF
GTID: 2178360218452388  Subject: Computer technology
Abstract/Summary:
Network attacks have become more frequent in recent years, and their impact has grown increasingly broad. People are paying more attention to intrusion detection, and intrusion detection systems have become an important component of the security infrastructure for most organizations.

An intrusion detection system (IDS) is a system that combines software and hardware. It can find security problems in a computer or network by analyzing the events that occur.

A network-based intrusion detection system (NIDS) uses raw network packets as its data source and analyzes all traffic traveling across the network in real time. Today, network-based IDS is the main method of intrusion detection. NIDS faces considerable difficulty because network bandwidth has grown rapidly. This paper designs a network intrusion detection system for high-speed networks.

In this paper, we improve the traditional packet acquisition procedure and the Boyer-Moore (BM) algorithm using zero-copy technology. To solve the bottleneck in high-speed network environments, we present a multi-pattern matching algorithm named the AC_BM algorithm, based on the Aho-Corasick (AC) algorithm. Protocol analysis technology takes on the work of these two parts, improves the performance of the IDS, and reduces the false-positive and false-negative rates.

Then, we design a feasible scheme for a detection rule database based on Common Vulnerabilities and Exposures (CVE).

Finally, we test the system and analyze the results. Compared with traditional systems, our system is suitable for intrusion detection on high-speed networks.
Keywords/Search Tags: intrusion detection, zero copy, protocol analysis, pattern matching