
Design And Implementation Of The Detection Engine Of A Network Intrusion Detection System

Posted on: 2006-01-29 | Degree: Master | Type: Thesis
Country: China | Candidate: H J Chen
GTID: 2208360155966369 | Subject: Computer system architecture
Abstract/Summary:
With the rapid development of networks and the improvement of information systems, and with numerous economic and social interests at stake, security is becoming an increasingly severe problem. The most dangerous threats to networks are computer viruses and hacker intrusion. Fast networks make things easier for intruders. Not only are the modes and methods of intrusion becoming more and more complicated, but the intruders' techniques are also improving constantly. As the scale of intrusion expands, more and more computer systems are attacked. How to protect network systems from intrusion is now an urgent problem that needs to be solved. As an active network security protection technology, an intrusion detection system (IDS) not only detects intrusion by hackers on the external network but also monitors intranet users. It identifies and responds to malicious use of host and network resources.

First, on the basis of an analysis of network security defects, the IDS is introduced. Intrusion detection analysis takes two forms: anomaly detection and misuse detection. At present, the most popular IDS is the network intrusion detection system using the misuse detection method. Misuse detection technology is used to implement the network-based intrusion detection system, and pattern matching is used in misuse detection. Misuse detection first analyzes known attacks and extracts their characteristic features, then checks whether a network packet matches the intrusion rule set to determine whether an intrusion has happened.

Secondly, after an introduction to common intrusion methods and the state of the art of network IDS, the contemporary challenges and trends of IDS are discussed.

Finally, the author designs and implements a network IDS that adopts protocol analysis and pattern matching. This thesis uses the rules defined in Snort, and a parsing program for the rules has been implemented. The speed and efficiency of rule detection are improved by building an indexed linked list of rule options and by adjusting the rule order dynamically. According to the different protocols, the preprocessing module includes protocol data decoding, IP fragment reassembly and TCP stream reassembly. The rule detection module, which improves the BM matching algorithm and increases the system's performance, makes the system run faster.
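The pipeline the abstract outlines (parse Snort-defined rules, index them, match packet payloads, reorder rules dynamically) can be illustrated as follows. This is an added example, not the thesis's code: it assumes "BM" means Boyer-Moore and uses the standard Horspool simplification rather than the thesis's improved variant, and the `(protocol, destination port)` index, the hit-count promotion policy, and the rules, messages and sids are all constructed for illustration.

```python
import re
from collections import defaultdict

RULE_RE = re.compile(r'^\w+\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)\s*$')
OPT_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*);')

def parse_rule(text):  # subset: exact dst port, plain-text content, msg, sid
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("not a rule: %r" % text)
    proto, dport, body = m.groups()
    rule = {"proto": proto, "dport": dport, "contents": [], "hits": 0}
    for key, val in OPT_RE.findall(body):
        val = val.strip().strip('"')
        if key == "content":
            rule["contents"].append(val.encode())
        else:
            rule[key] = val
    return rule

def horspool(hay, pat):
    n, m = len(hay), len(pat)
    shift = {b: m - 1 - i for i, b in enumerate(pat[:-1])}  # bad-character table
    i = 0
    while i <= n - m:
        if hay[i:i + m] == pat:
            return i                       # offset of first match
        i += shift.get(hay[i + m - 1], m)  # skip ahead using the window's last byte
    return -1

class Engine:
    def __init__(self, rule_texts):
        self.index = defaultdict(list)     # (proto, dst port) -> ordered rule chain
        for r in map(parse_rule, rule_texts):
            self.index[(r["proto"], r["dport"])].append(r)
    def inspect(self, proto, dport, payload):
        # Return the sid of the first matching rule; a rule that has fired more
        # often than its predecessor moves one slot forward (dynamic ordering).
        chain = self.index.get((proto, str(dport)), [])
        for pos, r in enumerate(chain):
            if all(horspool(payload, c) >= 0 for c in r["contents"]):
                r["hits"] += 1
                if pos and r["hits"] > chain[pos - 1]["hits"]:
                    chain[pos - 1], chain[pos] = chain[pos], chain[pos - 1]
                return r.get("sid")
        return None

# Constructed sample rules; sids and messages are made up for this example.
RULES = ['alert tcp any any -> any 80 (msg:"constructed cmd.exe request"; content:"cmd.exe"; sid:1000001;)',
         'alert tcp any any -> any 80 (msg:"constructed passwd path request"; content:"/etc/passwd"; sid:1000002;)']
```

Rules that fire often migrate toward the front of their chain, so the engine spends fewer comparisons on the traffic it sees most.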
Keywords/Search Tags: intrusion detection, pattern matching, protocol analysis, rule parsing, preprocessing