Research And Implementation Of The Intrusion Detection Engine Of MSN Based On Deep Protocol Analysis And Dynamical Rule Set

Posted on: 2009-09-25
Degree: Master
Type: Thesis
Country: China
Candidate: Z Li
GTID: 2178360308478057
Subject: Computer system architecture

Abstract/Summary:
The high frequency of network intrusions causes incalculable losses to users around the world, and conventional defensive measures alone are not enough to ensure system security. As an active security tool, an intrusion detection system (IDS) can detect an attack before the computer network is harmed and can intercept it or raise a warning, thereby protecting the network. However, as networks develop, IDSs face enormous challenges. At present, IDSs suffer from high missed-detection (false negative) and false-alarm (false positive) rates. Improving detection accuracy and accelerating data inspection are the keys to solving these problems.

To address the high false-alarm rate of existing IDSs, a method based on deep protocol analysis is presented, which analyzes the protocol payload to improve the accuracy of intrusion detection. Because content inspection introduces a large number of rules into the existing system, the heavy pattern-matching load degrades performance. To address this drawback, a distributed pattern-matching strategy is proposed in which the rules of different protocols are classified on the basis of the protocol analysis, which reduces the number of rules to a certain extent. Furthermore, a dynamic rule-set strategy is presented to reduce the large number of rules. As a result, pattern-matching performance improves and data inspection is accelerated.

Starting from the requirements of current network security and the state of development of intrusion detection, the main research content and the structure are set out. A reference model of intrusion detection is presented and the key technologies of the model are analyzed. These technologies include deep protocol analysis, state-based intrusion detection, and rule optimization.

Experiments verify that the improved method proposed in this paper has a crucial effect on improving intrusion detection performance.
Keywords/Search Tags:Intrusion detection, Depth analysis to the protocol, Pattern matching, Rules priority, Dynamic rule-base