As computer and network technology is applied ever more deeply in social life, the security of computer network systems has become a hot research topic. As network technology develops and attackers' techniques improve, a simple firewall can no longer meet security needs: it cannot control the actions of internal network users or of intruders who have passed through the firewall. Network security therefore has to be ensured by multi-directional, multi-style means. Among current network security technologies, the intrusion detection system (IDS) is undoubtedly one of the most popular. Intrusion detection technology can detect intrusions or intrusion attempts against a system and respond in real time. This paper presents the implementation of an intrusion detection system for a metropolitan area network (MAN). Switches, routers and other network devices are important MAN equipment, and these networks contain a great deal of such equipment. The router in particular, as the core equipment of the Internet, is the front-line checkpoint of network security. The MAN intrusion detection system is an intrusion detection system dedicated to strengthening the security of the MAN core. The MAN intrusion detection system designed in this paper includes the following six modules: network packet capture, data processing, classification, analysis, intrusion rules, and intrusion response and control. The packet capture and processing modules mainly acquire the network traffic flowing through the MAN, including the data exchanged on all protocols and ports and by all subnet hosts. They combine Sniffer and NetFlow techniques, are developed in Perl on a Linux platform, and preprocess the collected network data into NetFlow format. The analysis module periodically processes the collected NetFlow data files and generates reports automatically. These reports mainly cover traffic by MAN IP address and traffic by type of application. A new detection engine is designed for the intrusion detection system; the detection rules it uses are compatible with the Snort rule format, and it searches for patterns with the fast Boyer-Moore string-matching algorithm. On the basis of an analysis and summary of common blocking techniques and IDS deployment methods, the paper describes the design principle and deployment of a blocking module based on the campus network, which achieves an organic integration of the intrusion detection system with a firewall system.
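
The rule matching described above (Snort-compatible rules searched with Boyer-Moore) can be sketched as follows. This is an added example, not the paper's code: it uses the Boyer-Moore-Horspool simplification of Boyer-Moore, handles only the `msg`, `content`, `nocase` and `sid` rule options, and the rule and payloads are constructed for illustration.

```python
import re

def bmh_find(text: bytes, pat: bytes) -> int:
    """Boyer-Moore-Horspool search: offset of first match, or -1."""
    m, n = len(pat), len(text)
    if m == 0:
        return 0
    # Bad-character table: distance from a byte's last occurrence
    # (excluding the final pattern byte) to the end of the pattern.
    shift = {b: m - 1 - i for i, b in enumerate(pat[:-1])}
    i = m - 1                      # text index aligned with pattern's last byte
    while i < n:
        j = 0
        while j < m and text[i - j] == pat[m - 1 - j]:
            j += 1                 # compare right to left
        if j == m:
            return i - m + 1
        i += shift.get(text[i], m)  # skip ahead using the aligned text byte
    return -1

def parse_rule(rule: str) -> dict:
    """Extract msg, sid and content patterns from a Snort-style rule."""
    opts = rule[rule.index("(") + 1 : rule.rindex(")")]
    msg = re.search(r'msg:"([^"]*)"', opts)
    sid = re.search(r"sid:(\d+)", opts)
    contents = []
    for m in re.finditer(r'content:"([^"]*)"\s*;(\s*nocase\s*;)?', opts):
        raw = b""
        # Text between |...| is hex-encoded bytes; the rest is literal.
        for k, part in enumerate(m.group(1).split("|")):
            raw += bytes.fromhex(part) if k % 2 else part.encode("latin-1")
        contents.append((raw, bool(m.group(2))))
    return {"msg": msg.group(1) if msg else "",
            "sid": int(sid.group(1)) if sid else 0,
            "contents": contents}

def rule_matches(rule: dict, payload: bytes) -> bool:
    """A rule fires only if every content pattern occurs in the payload."""
    for pat, nocase in rule["contents"]:
        hay, needle = (payload.lower(), pat.lower()) if nocase else (payload, pat)
        if bmh_find(hay, needle) < 0:
            return False
    return bool(rule["contents"])

# Constructed sample rule and payloads (not taken from the paper).
RULE = parse_rule('alert tcp any any -> any 80 (msg:"constructed example"; '
                  'content:"GET "; content:"/etc/passwd"; nocase; '
                  'content:"|0d 0a 0d 0a|"; sid:1000001;)')
HIT = b"GET /ETC/PASSWD HTTP/1.1\r\nHost: example.test\r\n\r\n"
MISS = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
```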