
Based On Pattern Matching Intrusion Detection Systems

Posted on: 2002-07-22
Degree: Master
Type: Thesis
Country: China
Candidate: P Li
Full Text: PDF
GTID: 2208360032451704
Subject: Computer applications

Abstract/Summary:
Motivated by current security problems in computer networks, this dissertation explores a network-based intrusion detection system, called the Signature-based Pattern-matching Intrusion Detection System, which can work within Distributed Intrusion Detection Systems and has a sample Expert Knowledge Database of Attack Signature Patterns, and studies its design in the domain of intrusion detection on computer networks.

The dissertation introduces the classes of intrusion detection systems and studies the different ways in which Anomaly Detection and Pattern Detection detect intrusions. It then proposes a Signature-based Pattern-matching Intrusion Detection System combined with an Expert Knowledge System. Following the CIDS (Common Intrusion Detection System) standard model, the author divides the Pattern-matching Intrusion Detection System into four functional modules, namely Event generators, Event analyzers, Response units and Event databases, and explains each of them. The dissertation also provides a Distributed Intrusion Detection System framework to realize distributed detection and centralization.

The Expert Knowledge Database of Attack Signature Patterns is the core of the Signature-based Pattern-matching Intrusion Detection System. The dissertation establishes the principle for specifying Attack Signature Patterns: the balance between precision and speed of matching. It presents examples of distilling Attack Signature Patterns for the HTTP and FTP protocols, and introduces a description language for describing the Attack Signature Patterns that compose the Expert Knowledge Database.

The dissertation puts forward a detailed, systematic design scheme for the Signature-based Pattern-matching Intrusion Detection System, which may serve as a reference for similar systems. Great emphasis is placed on key modules such as the Protocol Processing module, Pattern-matching module, Log module and Intrusion Response module. In addition, the author discusses the matching algorithm of the Pattern-matching module and presents one based on finite automata, which is applied in some products.
Keywords/Search Tags:Intrusion Detection System, Pattern-matching, Attack Signature, Expert Knowledge Database