
The Implementation And Application Of An Intrusion Detection System Based On Snort

Posted on: 2009-06-15
Degree: Master
Type: Thesis
Country: China
Candidate: Q P Zhang
GTID: 2178360242480753
Subject: Software engineering

Abstract/Summary:
With the rapid development and wide application of network technology, industries have become increasingly dependent on computer networks. It is hard to imagine what the world would be like without them. How to protect the purity and security of our networks has become very important. After nearly 30 years of development, network security technology has made great progress, and the intrusion detection system is playing an increasingly important role.

There are many commercial intrusion detection systems, but they are complex, difficult to master and very expensive. Snort is a powerful open-source network IDS (NIDS) that can analyze traffic and log IP packets in real time, perform protocol analysis, and search and match content. It can detect many different attack methods and raise alerts in real time when an attack occurs. In addition, Snort is extensible and portable. Snort is licensed under the GPL, and any organization or individual who complies with the GPL can use it free of charge.

BT (BitTorrent) has been used more and more in recent years. It brings convenience, but it also causes many problems for network management. The rapid growth in the bandwidth occupied by individual users causes network congestion, slows the network down and can even make it unavailable. Therefore, BT traffic is prohibited in our actual network environment to ensure that normal network applications keep working.

This thesis builds an intrusion detection system on the open-source Snort intrusion detection system, using an improved Sunday algorithm. To address the network problems caused by BT applications, the corresponding detection rules are written for the intrusion detection system by analyzing the BT signature. In this way BT traffic can be detected, and the corresponding network techniques can then be applied in the next step of network management.

The thesis is composed of five parts. The first part introduces the development and status of intrusion detection systems, mainly intrusion detection products at home and abroad, and describes the development trend of intrusion detection technology. The second part outlines the composition, common algorithms and classification of intrusion detection systems. The third part describes the principle and operation of the Snort intrusion detection system. The fourth part presents an improved Sunday algorithm. In the fifth part, a new Snort intrusion detection system is built using the improved Sunday algorithm, which improves the speed of rule matching and makes the system more suitable for high-speed networks than before. Furthermore, the system is used to detect and control BT network traffic. At the same time, it can take corresponding measures to deal with intruded computers, safeguard the network and ensure the service quality of normal network traffic.

Finally, the validity of the improved Sunday algorithm and of the intrusion detection system based on Snort has been proved in practice.
Keywords/Search Tags:Implementation