
The Campus Network Intrusion Detection Systems And Implementation Of The Next

Posted on: 2006-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: X J Fang
Full Text: PDF
GTID: 2208360155961023
Subject: Computer application technology

Abstract/Summary:
With the rapid development of computer networks and their applications, especially the extensive use of electronic banking and electronic commerce, network security has become an increasingly important issue. At the same time, the security of campus networks is an increasingly prominent problem confronting most universities, so research on campus network security has theoretical significance and broad application prospects.

The thesis analyses the general network security architecture of the campus network, which is a firewall architecture built on an iptables-based packet filter and a squid- and socks-based proxy server. In general, campus networks are rarely equipped with an Intrusion Detection System (IDS). As a significant network security technique, an IDS is an important complement to the firewall, although it cannot take the firewall's place. The fundamental functions of an IDS include monitoring the traffic of the internal network, raising an alarm on recognizable attack signatures or anomalies, and protecting the firewall and other hosts against attacks coming from the internal network.

The thesis presents a network security strategy for the campus network that is founded on a firewall and an IDS and built on open-source software. The strategy is implemented with the support of Snort NIDS, a well-known network intrusion detection system. Besides analysing network traffic and logging network packets, Snort can also perform protocol analysis. Moreover, since it can search and match on content, Snort is able to detect different types of attack and raise real-time alarms.

Snort NIDS belongs to a class of specialised applications based on string matching, and it requires excellent real-time pattern matching performance, especially in the context of a campus network. If the speed of the IDS's inspection cannot keep up with that of data transmission, some packets may be missed, which can sometimes even result in a DoS attack, so the correctness and efficiency of the system are affected. As a consequence, the performance of the IDS depends heavily on that of the pattern matching algorithm. The thesis mainly aims at improving the performance of the pattern matching algorithm used in the IDS, speeding up Snort's inspection, improving safety and correctness, and reducing the cost in system resources.

Pattern matching algorithms have been studied extensively in recent years. Snort relies heavily on the Aho-Corasick algorithm, a multi-pattern search algorithm based on a Deterministic Finite Automaton (DFA). It is characterised by a large memory requirement for storing the state transition table, offers a significant speedup, and matches multiple patterns in a single pass. The worst-case and average-case performance of the Aho-Corasick algorithm are the same, in that its performance is unaffected by the length of the pattern strings in the pattern group, so it is a very robust algorithm for an IDS. In order to optimize the Aho-Corasick algorithm, the thesis studies some basic sparse matrix and vector storage formats and uses the Banded-Row format to optimize the Aho-Corasick state table. The result is an improved algorithm that reduces memory requirements and further improves performance on large pattern groups. Finally, the thesis lists a comparison of performance, storage requirement and speed for the standard AC algorithm, the optimized AC algorithm using full matrix storage, and the improved AC algorithm using Banded-Row storage, each executed in the context of Snort tests.

The main work of the thesis includes:
1. A network security strategy for the campus network, based on a firewall and an IDS, is presented and implemented with open-source software.
2. Intrusion Detection Systems and pattern matching algorithms are studied.
3. Some basic storage formats for sparse matrices and vectors are analysed.
4. A sparse storage format is proposed to optimize the Aho-Corasick pattern matching algorithm used in Snort, and simulated results are compared when different sparse storage formats are used to implement the Aho-Corasick algorithm in Snort.
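
The storage trade-off described in the abstract, as an added Python example that is neither the thesis's code nor Snort's: an Aho-Corasick DFA is built as a full matrix, each row is then reduced to a band running from its first to its last non-zero transition, and both forms are used to scan the same payload. The function names, the sample signatures, the payload and the cost model (two extra cells per banded row) are assumptions made for illustration.

```python
from collections import deque

ALPHABET = 256  # one state-table column per byte value

def build_dfa(patterns):  # full matrix: rows[state][byte] -> next state
    rows, out, fail = [[0] * ALPHABET], [set()], [0]
    for pat in patterns:                      # 1) trie of all patterns
        s = 0
        for b in pat:
            if rows[s][b] == 0:
                rows.append([0] * ALPHABET); out.append(set()); fail.append(0)
                rows[s][b] = len(rows) - 1
            s = rows[s][b]
        out[s].add(pat)
    queue = deque(t for t in rows[0] if t)    # 2) BFS folds failure links in
    while queue:
        s = queue.popleft()
        out[s] |= out[fail[s]]                # inherit matches ending here
        for b in range(ALPHABET):
            t = rows[s][b]
            if t:
                fail[t] = rows[fail[s]][b]
                queue.append(t)
            else:
                rows[s][b] = rows[fail[s]][b]
    return rows, out

def to_banded(rows):  # per row keep (start, band): first..last non-zero entry
    spans = [[b for b, t in enumerate(row) if t] or [0] for row in rows]
    return [(nz[0], row[nz[0]:nz[-1] + 1]) for row, nz in zip(rows, spans)]

def step_banded(banded, s, b):
    lo, band = banded[s]
    return band[b - lo] if lo <= b < lo + len(band) else 0  # off-band: state 0

def search(step, out, data):  # step(state, byte) -> next state
    s, hits = 0, []
    for pos, b in enumerate(data):
        s = step(s, b)
        hits += [(pos - len(p) + 1, p) for p in sorted(out[s])]
    return hits

# Constructed sample signatures and payload (not taken from the thesis).
PATTERNS = [b"cmd.exe", b"/etc/passwd", b"passwd", b"/bin/sh"]
PAYLOAD = b"GET /cgi-bin/test?file=/etc/passwd HTTP/1.0"
ROWS, OUT = build_dfa(PATTERNS)
BANDED = to_banded(ROWS)
# Assumed cost model: each banded row also stores its start and length (+2).
FULL_CELLS = len(ROWS) * ALPHABET
BANDED_CELLS = sum(2 + len(band) for _, band in BANDED)
```

Calling `search(lambda s, b: ROWS[s][b], OUT, PAYLOAD)` and `search(lambda s, b: step_banded(BANDED, s, b), OUT, PAYLOAD)` returns the same hits, while `BANDED_CELLS` stays well below `FULL_CELLS`; the band lookup pays for the saving with one bounds check per input byte.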
Keywords/Search Tags:Network security, Intrusion Detection, Pattern Match, Banded-Row storage, Aho-Corasick Algorithm