
The Design And Realization Of Intrusion Detection System ESnort

Posted on: 2008-01-27
Degree: Master
Type: Thesis
Country: China
Candidate: J X Tian
Full Text: PDF
GTID: 2178360242498989
Subject: Computer technology

Abstract/Summary:
With the development of network technology, the security problems of military networks have become increasingly noticeable. Although many security techniques exist, such as network firewalls, virus detection systems and encryption, many services are still attacked without the attacks being detected in time. Because these techniques are passive defenses, the intrusion detection system (IDS) has emerged as an active defense system.

As an important tool for network security, an IDS can monitor system or network resources in real time and promptly detect intruders entering the system or network, and it can also prevent legitimate users from misusing resources. By analyzing system or network logs, an IDS can obtain the current security situation of the system or network and find suspicious or illegal acts.

In this paper, we first introduce IDS and distributed IDS, including their function, model, composition and classification. We then focus on the Snort intrusion detection system for in-depth analysis and research, including its principles, system structure, packet capture mechanisms and detection rules. On this basis, in view of the practical needs of the campus network of the Armed Police Urumqi Command College and the inadequacies of the Snort intrusion detection system, we design and implement ESnort, an enhanced intrusion detection system based on network behavior. We also build a honeypot to trap intruders and enhance ESnort's detection capability. Finally, we test and deploy ESnort on the Urumqi Command College campus network, and make ESnort work together with the firewall, GAP equipment and the vulnerability scanning system, achieving better results.
Keywords/Search Tags: network security, IDS, ESnort, network behavior, Honeypot, Firewall, GAP