
The Research On Intrusion Detection System Based On SNORT

Posted on: 2009-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: J H Liu
GTID: 2178360272973728
Subject: Electronics and Communications Engineering

Abstract/Summary:
With the rapid development of the Internet, information security has become very important in network communication applications. The Intrusion Detection System (IDS) is one of the most important methods for detecting and defending against network attacks, and it has become another line of defense behind the firewall. Analyzing the theory of intrusion detection systems in depth is therefore significant for both system research and practical engineering.

First, after introducing the present state of network security, we analyzed the security architecture of network services and summarized the different methods of network attack and defense. Based on this analysis, we took SNORT, a well-known open-source intrusion detection system, as our research target, analyzed its architecture and principles, and described in particular its characteristics, including fast packet classification and the rule manager for multi-pattern matching. Considering the development of the Internet, and after studying the next-generation Internet protocol IPv6 in depth, we discussed and designed in detail the key techniques for enabling SNORT to work in an IPv6/IPv4 environment. This work aims to prepare for independent secondary development of SNORT. Finally, we discussed several approaches to testing intrusion detection systems. In connection with practical engineering, we carried out a general test and evaluation of SNORT. The experiment provided reliable data and evidence for engineering research.

Our research work focuses primarily on the four crucial points below:

① We systematically analyzed and summarized the security architecture and techniques in network communication.
② We described in depth the general architecture and composition of the open-source intrusion detection system SNORT. After carefully analyzing the source code of SNORT's main modules, we identified many important algorithms, including fast packet classification and the rule manager for multi-pattern matching.
③ We discussed and designed in detail the key techniques, such as rule construction and parsing, IPv6 packet decoding and fast matching, IPv6 fragmentation and reassembly, transition technologies and IPv4 compatibility. We also gave recommended measures for enabling SNORT to work in an IPv6/IPv4 environment.
④ In connection with practical engineering, we carried out a general test and evaluation of SNORT. The experiment showed that the performance of the new version of SNORT was excellent and that it ran well over long periods. Its capability met the engineering requirements. On the other hand, its ability to analyze and handle exceptions should be improved, and in particular it lacks support for distributed environments.

Based on the conclusions of our research work, we advise that future research focus on improving response and prediction capabilities, cooperative defense, and so on.
Keywords/Search Tags: Network Security, IDS, SNORT, IPv6, Evaluation of IDS