
Based On Protocol Analysis, Network Intrusion Detection System Research And Design

Posted on: 2006-02-10 | Degree: Master | Type: Thesis
Country: China | Candidate: J Y Liao | Full Text: PDF
GTID: 2208360152998579 | Subject: Signal and Information Processing
Abstract/Summary:
As an active security technique, an intrusion detection system (IDS) can not only detect unauthorized parties intruding into a system, but also monitor authorized users who misuse system resources. As the Internet is used ever more widely, network-based intrusion detection systems (NIDS) are receiving more and more attention. At the same time, NIDS face many challenges, including how to increase detection speed to keep up with growing bandwidth, and how to reduce false positives and false negatives to improve detection accuracy. After introducing the relevant background, including network security problems and the concept, mechanism and model of IDS, this paper focuses on some key techniques of NIDS. Addressing the NIDS problems of network packet capture and pattern-match detection, the paper puts forward some effective solutions, the main ones being as follows. First, the paper proposes an improved fast hard disk writing (FHW) packet capture method to solve the problem of a high packet loss rate. Test results show that the FHW method is very effective at reducing the packet loss rate. Second, the paper puts forward an intelligent pattern-match method based on protocol analysis to solve the heavy computation and high false alarm rate of the traditional pattern-match method. The protocol analysis method takes advantage of the highly regular structure of the TCP/IP protocols to detect attacks, so the amount of computation is clearly reduced. On the one hand, some attacks can be detected simply by comparing the values of certain specific bytes. On the other hand, the intrusion rules can be sorted into different groups by TCP/IP protocol to reduce the scope of pattern matching.
Finally, the paper designs a network intrusion detection system based on protocol analysis (PANIDS) using the intelligent pattern-match detection method, and implements the key network packet capture module, the protocol analysis module and the network packet storage module.
Keywords/Search Tags:FHW method, an intelligent pattern-match method based on protocol analysis, PANIDS, network security
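The two ideas in the abstract (detection by comparing header bytes, and rules grouped by protocol so that only a small group is pattern-matched) can be sketched as follows. This is an added example, not code from the thesis or PANIDS; the rule names, signatures, the same-endpoint SYN check and the `build_packet` helper are all hypothetical and constructed for illustration.

```python
import socket
import struct

# Hypothetical signatures, bucketed by (IP protocol, destination port) so that a
# packet is only searched against rules that can apply to its protocol.
RULES = {
    (6, 80): [(b"/etc/passwd", "http-passwd-probe"), (b"../..", "http-dir-traversal")],
    (6, 21): [(b"SITE EXEC", "ftp-site-exec")],
    (17, 53): [(b"\x07version\x04bind", "dns-version-query")],
}

def build_packet(src, dst, proto, sport, dport, payload=b"", tcp_flags=0x02):
    """Construct a minimal IPv4 + TCP/UDP test packet (checksums left as zero)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4 + payload

def analyze(pkt):
    """Return (alerts, pattern_searches_performed) for one raw IPv4 packet."""
    alerts, searches = [], 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["malformed-ip"], 0
    ihl = (pkt[0] & 0x0F) * 4
    proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
    if ihl < 20 or proto not in (6, 17) or len(pkt) < ihl + (20 if proto == 6 else 8):
        return alerts, 0  # not TCP/UDP, or too short to decode further
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    l4_len = 8
    if proto == 6:
        l4_len = (pkt[ihl + 12] >> 4) * 4
        if l4_len < 20:
            return ["malformed-tcp"], 0
        # Header-byte comparison only: SYN whose source and destination match.
        if pkt[ihl + 13] & 0x02 and src == dst and sport == dport:
            alerts.append("tcp-same-endpoint-syn")
    payload = pkt[ihl + l4_len:]
    # Pattern matching is limited to the bucket selected by protocol analysis.
    for pattern, name in RULES.get((proto, dport), []):
        searches += 1
        if pattern in payload:
            alerts.append(name)
    return alerts, searches
```

With the constructed rule set above, an HTTP packet is compared against two of the four signatures, and the same-endpoint SYN is flagged without any payload search at all.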