
Research And Implementation Of Network Intrusion Detection System Based On Protocol Analysis

Posted on: 2009-12-19
Degree: Master
Type: Thesis
Country: China
Candidate: N Chen
GTID: 2178360245965390
Subject: Communication and Information System

Abstract/Summary:
With the rapid development of the Internet, more and more people use it for communication. Because of its convenience, the Internet is now considered a part of people's lives, but it also carries many hidden security risks, which give people with ulterior motives the opportunity to intrude into networks. Network security is therefore becoming more important. According to current estimates, network intrusion activity is growing faster year after year, and how to solve the network intrusion problem effectively is a current research topic.

This paper first analyzes the current state of network security, then describes in detail the concept of network security and several of its key technologies, namely firewall technology, data encryption, access control technology, network intrusion technology, and virtual private network technology, as well as other network security technologies. On this basis it focuses on intrusion detection technology. Intrusion detection is different from other security technologies; it is an active security protection technology. Intrusion detection, by definition, is the detection of intrusion behavior. It collects information from a number of key points in a computer network or system and analyzes that information to determine whether the network or system shows violations of the security policy or signs of attack. Intrusion detection technology can find attacks on the network so that people learn of an intrusion ahead of time and have adequate time to deal with the attack. Chapter III discusses in detail the basic concepts of intrusion detection, its development history, classification, system models, process analysis, evaluation criteria and development trends.
Chapter IV proposes a design model for the intrusion detection system and introduces the system design, the system's main functional requirements and the various functional modules. Chapters V and VI describe the concrete implementation of the network packet capture module, protocol analysis module, rule analysis module, intrusion detection module, memory module and test module. The network packet capture module and the protocol analysis module are described in the most detail. Packet capture is the key module of the intrusion detection system, and its quality directly affects the efficiency of the whole system; the flowchart and core code of the network packet capture module are given. The protocol analysis module is also a focus for improving efficiency: integrating pattern matching with protocol analysis markedly improves detection efficiency. The discussion of this module covers the basics of protocol analysis in detail, then the IP, TCP, UDP and ICMP protocols, followed by the implementation of the protocol analysis module. For the intrusion detection module, pattern matching algorithms are studied in detail; the BM algorithm is analyzed and improved. The rule analysis module describes intrusion rules in a simple, flexible and effective rule description language, with reference to the way Snort describes intrusion rules. After the response module and memory module are explained in detail, part of the system's functionality is tested.

Finally, the paper summarizes the research work and sets out the direction and content of future work.
Keywords/Search Tags: network security, intrusion detection, protocol analysis, packet capture, pattern matching