The Research And Implementation Of Intrusion Detection System Based On Snort

Posted on: 2011-03-05
Degree: Master
Type: Thesis
Country: China
Candidate: S Wang
GTID: 2178360305960344
Subject: Computer Science and Technology
Abstract/Summary:
With the development of computer application and communications technology, the Internet has become an important medium for disseminating information. Computer networks are gradually changing the way people work and live, and they have a profound impact on economic and cultural development worldwide. However, the rapid development and widespread application of network technology have also raised a series of problems, chief among them network information security. Intrusion detection systems were created and developed in this context. By analyzing host logs or network packets, an intrusion detection system can promptly discover intrusions and raise alarms.

However, given the complexity of current network environments, a single security tool can no longer protect an entire network. How to combine network security products has therefore become an important research direction, and the idea of linkage design arose from it. This thesis builds a model in which a honeypot system is linked with an intrusion detection system. On this basis, the thesis proposes a practical intrusion detection system solution, together with the detailed design and implementation of its functional modules.

First, the thesis studies intrusion detection technology in depth and explores the concept of the intrusion detection system, including system architecture and the different categories, with a brief description of how intrusion detection systems have developed. It then focuses on the key technologies of Snort, used here as a lightweight intrusion detection system, and introduces Snort's overall detection process, plug-in mechanism, detection rules, and so on.

Next, the thesis sets out the system's design goals and overall structure. Building on the characteristics of Snort, the IDS uses a data capture module designed with WinPcap to capture and filter network packets. Intrusion rules are designed to match the characteristics of the honeypot system, the Snort intrusion rule base is improved, the preprocessing program is adjusted, and the AC-BM pattern matching algorithm is introduced in the pattern matching stage, completing the development of the detection engine module. An integrated communications module is then designed to link with the honeypot system, implementing file sending and receiving, data encryption, authentication, and information extraction. Meanwhile, based on the characteristics and methods of the rules, the data storage and alarm response modules are designed and implemented. On this basis, the intrusion detection system is deployed in a real network environment, where the functions of the whole system are tested and the data are analyzed and summarized statistically. Finally, the thesis summarizes its work and points out directions for further research on intrusion detection systems.
Keywords/Search Tags: Snort, Intrusion Detection, Network Security, Data Capture