
Research And Implementation Of The Intrusion Detection System

Posted on: 2009-01-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Liu
Full Text: PDF
GTID: 2178360272991986
Subject: Computer application technology
Abstract/Summary:
Intrusion detection is a means of active security defence: by analysing real-time traffic on the network it uncovers potential intrusion threats and raises the protective capacity of the network as far as possible.

This thesis first analyses the current state of network security and argues that intrusion detection technology is necessary for securing the network. It then presents the overall design of an intrusion detection system framework made up of five modules: a packet capture module, a data analysis module, a rule parsing module, a response module and a log subsystem, and describes how each module is implemented. The thesis concentrates on the packet capture module and the data analysis module of the detection engine.

Packet capture is the foundation of intrusion detection. Traditional intrusion detection systems rely on general-purpose capture toolkits built on the BPF filtering mechanism. That mechanism requires two copies of every packet, one from the network device into kernel memory and a second from kernel memory into the user application, which leads to defects such as low capture efficiency and poor CPU utilisation. This thesis therefore applies zero-copy technology to improve the traditional capture method. By having the network interface device write datagrams directly into the application's buffers via DMA, zero-copy avoids the memory operations in the kernel during packet transfer, effectively reducing network communication latency and the CPU load.

The detection engine module is the core of the intrusion detection system. Its backbone, the BM pattern-matching algorithm, is simple and mature, but it does not take into account suffix matching or the relationship between neighbouring characters at the current position, which leads to failed matches and keeps the algorithm's efficiency low.

This thesis presents an improved design of the BM algorithm. Using the longest prefix match, the number of positions by which the pattern string can be shifted is obtained with a single table lookup, which reduces the computation during detection and improves detection accuracy and overall system performance. Finally, the performance of the system is tested. Compared with a traditional system, the system designed in this thesis is shown to have advantages such as more efficient matching and capture and lower resource consumption. The thesis closes with a summary of the research work and the directions for further research.
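As an added example (not code from the thesis) of the signature matching that the detection engine described above performs: a Boyer-Moore matcher run over a constructed HTTP payload, using both the bad-character and good-suffix shift tables, with a comparison counter that shows how far the table lookups cut the work below the payload length. The payload, the signature and the function names are constructed for this illustration.

```python
def bad_character_table(pattern: bytes) -> dict:
    """Rightmost index of every byte value in the pattern."""
    return {b: i for i, b in enumerate(pattern)}


def good_suffix_table(pattern: bytes) -> list:
    """Strong good-suffix shifts: entry j + 1 is for a mismatch at j, entry 0 for a full match."""
    m = len(pattern)
    shift, border = [0] * (m + 1), [0] * (m + 1)
    i, j = m, m + 1
    border[i] = j
    while i > 0:
        # walk the borders of the suffix pattern[i:] until it extends by pattern[i-1]
        while j <= m and pattern[i - 1] != pattern[j - 1]:
            if shift[j] == 0:
                shift[j] = j - i
            j = border[j]
        i, j = i - 1, j - 1
        border[i] = j
    j = border[0]
    for i in range(m + 1):  # fill the remaining entries from the pattern's own border
        if shift[i] == 0:
            shift[i] = j
        if i == j:
            j = border[j]
    return shift


def bm_search(text: bytes, pattern: bytes):
    """Return (match offsets, number of byte comparisons made)."""
    m, n = len(pattern), len(text)
    bc, gs = bad_character_table(pattern), good_suffix_table(pattern)
    matches, comparisons, s = [], 0, 0
    while m and s <= n - m:
        j = m - 1
        while j >= 0:  # compare right to left, as BM does
            comparisons += 1
            if pattern[j] != text[s + j]:
                break
            j -= 1
        if j < 0:
            matches.append(s)
            s += gs[0]
        else:  # both heuristics give safe shifts; take the larger one
            s += max(j - bc.get(text[s + j], -1), gs[j + 1])
    return matches, comparisons


# Constructed sample payload and signature (not taken from the thesis).
PAYLOAD = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
           b"User-Agent: test-scanner/1.0\r\nAccept: */*\r\n\r\n")
SIGNATURE = b"test-scanner"
```

On this 91-byte payload the matcher finds the signature at offset 58 after only 22 byte comparisons, whereas a scan without shift tables touches at least one byte at every alignment.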
Keywords/Search Tags:network security, intrusion detection, zero-copy technology, BM Algorithm