Research And Implementation Of Intrusion Detection Engine In High Speed Network

Posted on: 2009-12-21
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Zhu
GTID: 2178360275472481
Subject: Communication and Information System

Abstract/Summary:
In an increasingly complex environment, the intrusion detection system has become an indispensable component of network security facilities. However, traditional intrusion detection software is being tested more and more severely. With the popularity of Gigabit Ethernet, standalone software cannot bear such a rapid flow of data. Attack methods keep multiplying, and simple packet content matching and simple protocol analysis can no longer meet new security needs. Objectively, a new kind of intrusion detection software is needed, one that can adapt to a network environment with larger traffic flows and carry out in-depth protocol analysis.

The intrusion detection engine is the core of intrusion detection software, and it determines to a large extent the efficiency of the system. Engine efficiency can be improved through high-performance algorithms or through hardware design. This system gains efficiency through network load-balancing equipment. The data flow is split among the analysis engines according to its tetrad (four-tuple) information. To handle higher traffic volumes, it only needs more PCs. Compared with traditional work on the efficiency of a single engine, this parallel approach can be configured flexibly and applied at all levels of network environment. To improve the performance of the engine, the system uses not only protocol analysis and signature analysis but also protocol parsing of application-layer data, which lets it deal with more kinds of attack.

This paper presents a simple definition of the rules. With reference to earlier work, it implements the rules with a keyword analysis approach. The engine flattens the rule tree through port rules to reduce the tree height, which improves the traversal speed of the rule tree.

In addition, by using rules that depend on network flow, the engine can track attack sessions, which reduces the false alarm rate and allows the network security situation to be tracked more closely.

Finally, this paper uses several test methods to test the intrusion detection engine. The test results show that the efficiency and performance of the engine reach the desired level and that it can adapt to a variety of actual network environments.

Keywords/Search Tags: Protocol Analysis, Signature Analysis, Protocol Parsing, Rule Language, Rule Node, Rely On Rules