Based On XML Intrusion Detection System Research And Implementation

From the internet generation, development, and now it is spread to every corner of the world, People become increasingly dependent on the network in everyday life, all sorts of security issues are also placed in front of people, Become a hot research in various scientific research institutions, it is a related to computer science, network technology, information security technology, communication technology, applied mathematics and other disciplines of the integrated curriculum. Traditional network security technologies based mainly on passive defense, use a firewall for the main body of the safety precautions. But in the face of the large-scale network and the complexity of invasion, firewall as the main defensive technology appeared to be inadequate, thus the intrusion detection technology produced.Using the invasion detection technology, we can analysis the information from the computer network, so we can identify the violation of security policy and which behavier has been under attack. Intrusion detection system can detect not only from external attack, but also can detect the internal security, it has practical significance and application value.Traditional intrusion detection system in addition to the hardware consists of a large intrusion detection system, other intrusion detection systems for basic research in a Unix system, for the majority of Windows users, there is the issue of universality and practicality, this article on intrusion detection systems are designed for Windows users, use XML records document, compared with conventional intrusion detection system, we both use a simple pattern matching technology and protocol analysis techniques, which improve detection speed and efficiency.This article discusses the current intrusion detection technology overview and TCP/IP protocol model, with specific attention focused on analysis of the signature detection technology, match the module's design and implementation process, through sockets for network packets, in a Windows environment for testing, and achieve the expected goals. Finally we summarized the text and elaborated this invasion invasion e- xamination system's insufficiency.