| With the increasing development of Economy and technology, the computer network plays a more important role in people's life. At the same time, the network security problem leads to more losses in Economy and other aspects. So it is a new challenge to security in network, and requires a new security system in network.The traditional static security protection system, such as authentication, encryption, and firewall can't satisfy the increasing changes in network environment. The open source Intrusion Detection System-Snort, since it to be born, has the ability of multiple platforms support, real-time flow analysis, network data packet log and so on.Snort is a powerful lightweight network Intrusin Detection System. Eecept for the ability of supporting multiple Operating Systems, it also contains many alerting mechanisms including the syslog, SMB (Server Message Block), UnixSocket, WinPopup messages,for example. Snort makes use of a detecton algorithem based on pattern match, and provides a simple rule language and plug-in modules function. Users could add detection rules and processing functions written by themselves. As an open source software, Snort can satisfy the security needs of Local Area Network in campus, deploys easily and makes further researches. It helps the administrators to monitor network realtime data flow and detect intrusion actions.The thesis emphasizes on the architecture of Intrusion Detection System. With the research of the latest version Snort 2.8.5 and olds, we create the whole system architecture of Snort-Network Intrusion Detection System. It contains so many source codes, but in keeping with POSIX.1 (Portable Operating System Interface with Unix). By the research of Snort codes, it benefits us to understand data packets analysis and processes in essence, especially benefits developers to perform a new IDS framework and design advanced algorithms. It also leads to the next distribution IDS system and high performance IDS to become true. |
PDF Full Text Request