Research And Design Of The Intrusion Detection System Based On The Wireless LAN

Intrusion Detection System is a network security technology which protects computers from attacking pro-actively. As a reasonable complementarity to firewall, intrusion detection system technology can help computers'operating systems deal with network attacks, so, it expands the system administrator's security managing capabilities and enhances the integrity of the infrastructure about the information security.Based on the in-depth analysis of wireless LAN technology and intrusion detection technology, on the basis of the wireless LAN features and interpolation design ideas, a wireless Intrusion Detection System Mode which test comprehensive from data link layer to the application layer is proposed in this paper, we give the framework and the primary processing steps, and we give the detailed design and the implementation of the key modules. The system consists of detection agents and the control center. Detection agents include package capturing module, pre-processing module, protocol decoding module, protocol analyzing module, rules analyzing module, and so on. Detection agents can operate independently, as well as work together, exchanging information, which is controlled by the unified management control centre. Package capturing module is responsible for the monitoring, capturing the raw data package from the network, and filtering the data packages in accordance with the requirements. Protocol decoding module is responsible for decoding of the original data package based on protocol tree, helping pre-processing module and analyzing module conducting the invasion. Pre-processing module does the pretreatment of the data packages, on one hand, the invasion information of the data link layer can be found, on the other hand, support the detection analyzing module for the final preparation. Rules analyzing module analyzes the content of the rules, and set rules to memory to format the chain. Analyzing module submits the data to pre-processing module, using the rules of the BM algorithm and the rules in the ruse base to analyze comparatively, to determine whether there are some attacks or intrusions.Experiments show that, the system can work in the network environment stability, and can quickly detect wireless network intrusions. The system needs to update the rules base to detect new attacks, but the new attacks not in the rules can not be detected.