Design And Implementation Of Campus Network Intrusion Detection System Based On Snort

Campus Network is an open network, in order to meet the needs of the largenumber of users and multi-media teaching at the same time, the campus networkbandwidth, and active user groups of college students, these are convenientenvironment for hackers. The same time, teaching in the campus network subnet,student subnet, administrative subnet has different characteristics, which are for theconstruction of the campus network intrusion detection subsystem brought greatdifficulties.In this paper, the characteristics of the campus network, campus networkintrusion detection system Snort-based technology research of the following aspects.Firstly, Distributed Intrusion Detection System architecture to the architecture ofthe campus network intrusion detection system different subnets has differentcharacteristics, such as teaching subnet is a large amount of data multimedia data; theadministrative subnet small amount of data, safety requirements; students subnet datatype is complex, and a large amount of data. In this paper, a distributed structure,according to the characteristics of each subnet, intrusion detection agent is installed inthe subnet, and centralized management server agent, so that the intrusion detectionsystem better able to meet the security needs of each subnet.Secondly, the campus network data traffic characteristics, mainly through thefollowing methods to improve the detection efficiency of the campus networkintrusion detection system. The one hand, based distributed intrusion detectionarchitecture, the re-design of the Snort rule base, thereby reducing each subnetintrusion detection agent rules that match the search space, improve searchperformance; same time, the pattern matching algorithm optimized to improve theefficiency of rule matching; In addition, effective communication with the firewall,thereby the attack detection to shut out, to reduce duplicate detection method for thesame attack behavior to reduce the attack amount of data in the network intrusiondetection efficiency.Studied in this paper is based on a distributed campus network intrusiondetection system Snort technology, not only can realize the detection of the campusnetwork attacks and improve the security of the campus network, while also focusingon the optimization of the performance of intrusion detection system, with a verygood value in use.