Intrusion Detection System(IDS) is an active security technology, which can detect some unauthorized use of system users and external hacker attack through system monitoring, and take measures to hold back intrusions. With the popularity of Internet, network-based IDS has attracted increasingly attention, and also it's faced with some challenges. In this paper, we discuss the network security, then introduce the history, current situation and development of IDS, the architecture of IDS, and analyze problems of the current system. We analyze the architecture and the working process of Snort, and expand the rules related to analysis of network data. The whole system frame is divided into seven parts:network packet capture module, network protocol analysis module, rules analysis module, intrusion event detection module, response module, storage module and interface management module. We design the seven modules, and through analysis realize network packet capture technology, network protocol analysis technology, rules analysis technology, and intrusion detection technology. Finally, we make a summary of work done. |