As a new active security-defense mechanism, an Intrusion Detection System (IDS) can provide dynamic protection for hosts and networks. It not only detects intrusions by hackers on the extranet but also monitors intranet users. Next-generation IDSs mostly combine protocol analysis, which makes use of protocol specifications, with an outstanding pattern matching algorithm to resolve the conflict between accuracy and timeliness. Building on a detailed exposition of the BM algorithm, this paper proposes an improved pattern matching algorithm that is better suited to rule sets containing many repeated suffixes. It then examines in depth the packet capture, packet filter, and protocol analysis modules of an IDS, following a network IDS framework based on protocol analysis. It implements a program based on the WinPcap library and its BPF mechanism to capture and filter data on the network interface card, and a routine to analyze the important protocols in the TCP/IP protocol stack, such as IP, TCP, UDP and HTTP, which improves the precision and speed of intrusion detection. The network packet capture module and the packet filter module implemented in this paper can decode TCP/IP datagrams perfectly. The whole intrusion detection system shows good ability to detect some typical attacks.
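
An added example, not code from the paper: it sketches the combination the abstract describes, decoding Ethernet/IPv4/TCP/HTTP first and running Boyer-Moore (BM) matching only on the request URI. The search uses the standard bad-character (Horspool) form, not the paper's improved algorithm; the rule strings, function names and sample frames are constructed assumptions.

```python
import struct

URI_RULES = [b"/etc/passwd", b"cmd.exe"]  # constructed signatures, not from the paper

def bm_search(text: bytes, pat: bytes) -> int:
    """Boyer-Moore, bad-character rule only (Horspool form). Index or -1."""
    m, n = len(pat), len(text)
    shift = {b: m - 1 - i for i, b in enumerate(pat[:-1])}
    i = 0
    while i <= n - m:
        j = m - 1
        while j >= 0 and text[i + j] == pat[j]:   # compare right to left
            j -= 1
        if j < 0:
            return i
        i += shift.get(text[i + m - 1], m)        # skip by last window byte
    return -1

def tcp_payload(frame: bytes):
    """Decode Ethernet/IPv4/TCP; return (dst_port, payload) or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or ip[9] != 6 or not ihl + 20 <= total <= len(ip):
        return None                                # not TCP, or truncated
    tcp = ip[ihl:total]
    off = (tcp[12] >> 4) * 4
    if not 20 <= off <= len(tcp):
        return None
    return struct.unpack("!H", tcp[2:4])[0], tcp[off:]

def inspect(frame: bytes) -> list:
    """Match URI_RULES only against the request URI of HTTP on port 80."""
    decoded = tcp_payload(frame)
    if decoded is None or decoded[0] != 80:
        return []
    parts = decoded[1].split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return []
    return [r for r in URI_RULES if bm_search(parts[1], r) >= 0]

def build_frame(payload: bytes, dport: int = 80) -> bytes:
    """Constructed test frame (zero MACs and checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6,
                     0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + payload
```

Because the rules are scoped to the decoded URI field, a signature string that appears only in a header or on a non-HTTP port is never scanned, which is where protocol analysis saves matching work and false positives.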