The Performance Optimization Of Network Intrusion Detection Systems For High-speed Networks

Posted on: 2010-08-26 Degree: Master Type: Thesis
Country: China Candidate: K K Sun Full Text: PDF
GTID: 2198360302477310 Subject: Control theory and control engineering
Abstract/Summary:
Network-based intrusion detection systems (NIDS) use raw network packets as their data source and analyze them online in real time. In recent years, with the emergence of high-speed network technologies such as ATM, Gigabit Ethernet and gigabit fiber-optic networks, traditional intrusion detection based on pattern matching can no longer meet the data processing and analysis demands of high-speed network environments. For a NIDS to detect in real time in a high-speed network, the first problem to solve is how to intercept data packets efficiently, and the second is how to judge quickly whether an attack is present. Optimizing intrusion detection systems and improving their efficiency is therefore very important. In the packet capture stage, the thesis adopts zero-copy technology, so that the detection program can directly access the captured network data. This reduces the number of data copies and system calls and relieves the CPU of that burden. Intrusion detection systems use pattern matching and protocol analysis. Protocol analysis examines the rules of the protocol and detects attacks more quickly and accurately. An IDS based on protocol analysis can reduce the rates of missed alarms and false alarms, and has the advantage of using fewer system resources. The thesis also introduces several single-pattern and multi-pattern matching algorithms. Using a hash function, the pattern and the text strings are each converted into an integer for matching, and the theory of the algorithm is proved. The optimized intrusion detection system has been tested and shown to meet expectations: it has high-performance real-time capability and can work in a Gigabit network environment.
Keywords/Search Tags: Intrusion Detection Systems, Protocol analysis, Pattern matching, Data capture, Zero-copy