| Intrusion detection system is a kind of dynamic safety-defend measure to detect attacks against computer system and the user's excessive authority by monitoring the situation and behavior of the network and computer system. It is the necessary supplement for traditional Firewall.Nowadays, high-speed network is the inevitable trend. With the rapid improvement of net speed and the emergence of various attacking means, the existing NIDS cannot effectively deal with the missing detective information in high-speed network. In order to solve this problem, the author makes much research on it:1. It analyzes the Intrusion Detection System models and various intrusion systems domestic and abroad. So it grasps the current developing situation and tendency on the whole.2. It makes an all-around study on the security of TCP/IP Protocol so as to grasp the original limitations of security and lay a basis for later work.3. It studies and designs the whole structure and functional modules of NIDS, especially pattern matching in the detection engine.4. It investigates and devises a hardware intrusion detection system, which firstly uses multi-pattern matching. It matches twice because it is the fully matching for normal packs, not the detection against malicious packs which consumes most system resources. The first match drops a great deal of irrelevant information; the second one deals with precise matching. This method is quite different from the current one and greatly improves the detective efficiency of the system. The first match can be realized in simple, fast hardware that solves the difficult problem in current algorithm. (It is hard to realize the current algorithm in hardware.) Thus greatly improves the matching speed. |
PDF Full Text Request