Based On Protocol Analysis, Intrusion Detection System Design To Achieve

Nowadays, with the rapid development of the network technology, the current situation of network security is becoming more and more worrying. All kinds of technologies of network security are ceaselessly developed with the appearance of the importance of network security. The passive network security technologies, such as encryption and firewall , is insufficient to provide effective guarantees of network security.As a aggressive network security technologies, Intrusion Detection System can detect some set of intrusions and emerging events, provide effective supplement to the traditional security protect technology. We put forward a kind of network security monitor model based on the network intrusion detection system, and debate its research of the implementation in detail.Network intrusion detection system is now facing great challenges because of the emerging of high-speed network technology. How to make the system process and analyze a great number of packets effectively is a difficult problem that every NIDS must solve. What is more, it should decrease or even avoid losing packets and improve interaction of components and other security products. We made some improvements in the system architecture and packet capture module and analysis method of the IDS and got satisfactory results.The packet capture module is the base of entire system. At present, most NIDS develop their packet capture module based on libpcap library whose windows edition is winpcap. Allowing for development efficiency, we also program packets capture module in winpcap. By following methods such as increase receiving buffers and packets capturing threads , we enhance the capturing efficiency and reduce the ratio of losing packets.Intrusion detection method is the key of IDS. Nowadays, We use protocolanalysis combined with pattern match in detection method that can minish the range of matching objective, improving the accuracy and efficiency of the system. At the same time,we improve the algorithm of matching, it also can apparently improve the performance and applying value of IDS.The dissertation makes it significant to help corporation establish the network security system and implement IDS.