
Research Of Network Intrusion Detection System Based On Snort Platform

Posted on: 2010-03-14 | Degree: Master | Type: Thesis
Country: China | Candidate: C G Yue | Full Text: PDF
GTID: 2178360275978018 | Subject: Computer application technology
Abstract/Summary:
With the rapid development of Internet technology, computer network security has become a focus of attention. Intrusion detection, following firewalls and other traditional security protection technologies, is a new generation of security defense technology that discovers whether any action violates the security policy and whether the system has been attacked. Intrusion detection has become an important part of the information and network security architecture.

This thesis introduces the major theory and technology of intrusion detection, analyzes the main technology and principles of the lightweight network intrusion detection system Snort, studies pattern matching algorithms for intrusion detection, presents an improved pattern matching algorithm, and applies it in Snort. The main work of this thesis involves:

1. Intrusion detection theory is studied. The basic concepts of network security and intrusion detection, the classification of intrusion detection systems, intrusion detection technology, intrusion detection framework models and standards, and the evaluation of intrusion detection systems are presented, and the existing problems and trends of intrusion detection systems are pointed out.
2. The classical single pattern matching algorithms BM, BMH, and BMHS are studied in depth. The improved algorithm IBMHS is proposed based on the BMH and BMHS algorithms. After several experiments, I found the improved algorithm could accelerate the matching speed effectively.
3. Snort rules, the working principle of Snort detection, and the problems of compiling the Snort source code on the Windows platform are studied. The pattern matching algorithm set of Snort version 2.8.1 is tested, and the improved pattern matching algorithm IBMHS is applied on the Snort platform to improve the performance of the system.
4. A prototype network intrusion detection system based on Snort is designed and implemented, in which a web console based on IIS and graphical display of intrusion data and attack information are adopted; the results of its operation are presented along with their analysis.
Keywords/Search Tags: Intrusion detection, Pattern matching, Snort, Rule parsing