Research Of Intrusion Detection System For High-Speed Networking

As a positive instrument of security prevention, intrusion detection system has an important function in protecting computer network and information security. With the rapid development of networking, currently based on the traditional NIDS hasn't accommodated the increase of network speed, so many new techniques of intrusion detection have grown up, such as overload balance and distributed technology. The thesis brings up an intrusion detection technique of combing data slicing and protocol analysis, and both the bottom of data collecting and the top of protocol analysis fulfill the thought of Slicing.At last the thesis concretely explains the intrusion detection technique of data slicing plus protocol analysis, which surrounds the two key characteristics of intrusion detection: the speed and veracity of detection actions. Data slicing is a process that data is taped from network device and sent to many slicing devices according to somewhat strategy, but the operation of slicing isn't arbitrary, which should keep the integrity of network connect, otherwise many attacks are ignored. Through inserting a core switch module between slicing device and sensor, the design assures the connect integrity. Protocol analysis makes use of message format information of data packets, refers to the concrete protocol standard, and bases on protocol state to deeply detect the implicit attack of messages, which then detects the abnormal messages in terms of the way of pattern match. Protocol analysis mainly includes decoding protocol and tracing session status, and before these it need to identify the protocol. The thesis designs the protocol analysis module in detail in chapter five, and describes the implement of protocol analysis of POP3 protocol as a sample. Major conclusions of the thesis are as follows:1) Slicing data is an effective way of improving the detection speed of IDS under high-speed network, and reduces the losing of data packet.2) Compared with the traditional technique of based on misuse and abnormal statistic, protocol analysis provides more precise detection and the location determining of attack.3) The direction of intrusion detection is the based on network node of it, each node only does the particular detection, and it does deeper intelligent analyzing after centralizing them in the future.4) It's hard to construct a strong security prevention only depending on a single security technique, intrusion detection need to be employed with other security techniques as to build up the more complete system of security guarantee.