Study And Design Of Intrusion Detection Technology-Based On Protocol Analysis

The traditional intrusion detection system can no longer meet the needs of network security in detection rate and accuracy, Intrusion detection technology in the protocol analysis method has become one focus of the study. The current protocol analysis has many defects, for example, the technical is single, normal data packets can't be detected. Combining our college's campus network security management platform, this thesis proposes intrusion detection system based on protocol analysis.This thesis studies technologies of intrusion detection system, including protocol analysis, protocol rule matching etc, points out the advantages and disadvantages. According to the characteristics of protocol analysis, the system combines protocol analysis detection technology of network anomaly detection with the traditional pattern-matching technology. Through the advantage of highly regular network protocol, the system reduces the complexity and ensures the accuracy of detection and prevention of omission with pattern-matching methods. The overall design of the system includes data pre-processing module, the matching detection module based on protocol analysis, the rules of analysis module, and memory module etc. The system deals with packets by protocol analysis, and extracts the data, then finds information in line with the characteristics of the attack effectively by a specific attack on the rule matching , afterwards report to the system or other response.In the realization of the intrusion detection system based on protocol analysis, the system uses the advantages of protocol analysis to detect the attack packet features, at the same time according to the protocol type to deal with data. The system effectively reduces the range of pattern matching, so the detection is more targeted and the rate is higher. With the technologies of pattern matching and data analysis, the system obtains good results in common DoS attack detection. The system can make judgments and respond to invasion quickly and accurately.