
Gigabit IDS Quick Source Of Information Collection And Analysis Engine

Posted on: 2007-01-10
Degree: Master
Type: Thesis
Country: China
Candidate: S L Wei
Full Text: PDF
GTID: 2208360185953572
Subject: Computer application technology
Abstract/Summary:
With the rapid development of network technology, network security has become an increasingly prominent problem, and the network intrusion detection system (IDS), as an active defence system, has emerged to meet it. Intrusion detection is no longer a new subject. One of the main challenges an IDS faces is that detection is too slow: without sacrificing detection quality, most current IDSs cannot handle the data volume of a fully loaded 100 Mbit/s network, let alone the more difficult target of 1 Gbit/s. Since the day it emerged, the IDS has had to keep improving its own performance to keep up with constantly and rapidly growing network traffic. This thesis presents research on the implementation of an intrusion detection system for gigabit networks. We discuss in detail how to build the data source collection and analysis engine. The engine uses libpcap to capture network packets. The data flow then passes through the event engine, which performs complete and deep protocol analysis; based on the analysis results for each protocol it forms different events, which are then handled by policy scripts, and if an attack signature is found the corresponding action is taken. The policy script system is similar to NFR N-Code: the system interprets a complete, functional analysis scripting language that is very close to N-Code in capability, and with this powerful scripting language the abstracted events can be analysed in full detail.
Combining the protocol analysis of the event engine with the analytical capability of the script layer provides accurate and powerful intrusion detection. Besides matching attack signatures in the policy script layer, we allow the user to define simple rules describing the characteristics of certain packets; the event engine matches network data against these rules and turns each match into the corresponding event. Such events may directly produce alert information, or they may be analysed further by policy scripts to form higher-level alerts. For writing rules, we provide the advanced rule-matching functions found in many intrusion detection systems: regular expression matching, correlation between multiple rules, and interaction between rules and policy scripts. After discussing the data source collection and analysis engine and its implementation, we analyse the performance of our intrusion detection system. In a real environment we test the system completely against the evaluation parameters of CPU occupancy, memory utilisation, system throughput and packet drop rate, and then analyse and summarise the measured data.
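As an added illustration, not code from the thesis, the pipeline the abstract describes reduced to its shape: constructed raw packets stand in for libpcap capture, a protocol analysis step turns them into protocol-specific events, and user-defined regular-expression rules with per-source correlation turn events into alerts. The packet contents, the rule, the event kinds and the escalation threshold are all assumptions made for the example.

```python
import re
import struct
from collections import namedtuple

Event = namedtuple("Event", "kind src dst payload sport dport")

def build_packet(src, dst, sport, dport, payload):
    """Constructed sample traffic: one raw IPv4 + TCP packet (no Ethernet header)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp + payload

PACKETS = [  # constructed; stands in for the packets libpcap would deliver
    build_packet("10.0.0.5", "10.0.0.9", 40001, 80, b"GET /index.html HTTP/1.1\r\n"),
    build_packet("10.0.0.5", "10.0.0.9", 40002, 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    build_packet("10.0.0.5", "10.0.0.9", 40003, 80, b"GET /..%2f..%2fetc/passwd HTTP/1.1\r\n"),
]

def protocol_analysis(pkt):
    """Event engine: decode the IPv4 and TCP headers and emit a protocol-specific event."""
    ihl = (pkt[0] & 0x0F) * 4
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    if pkt[9] != 6:                                   # not TCP: generic IP event
        return Event("ip", src, dst, pkt[ihl:], 0, 0)
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    payload = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]  # skip TCP header (data offset)
    kind = "http_request" if dport == 80 and payload.startswith(b"GET ") else "tcp"
    return Event(kind, src, dst, payload, sport, dport)

# User-defined rules: (name, event kind they apply to, regex over the payload)
RULES = [("dir_traversal", "http_request", re.compile(rb"\.\.(/|%2f)", re.I))]

def run_policy(events, rules, escalate_at=2):
    """Policy layer: apply rules to events, correlate hits per source, escalate repeats."""
    alerts, hits = [], {}
    for ev in events:
        for name, kind, rx in rules:
            if ev.kind == kind and rx.search(ev.payload):
                key = (ev.src, name)
                hits[key] = hits.get(key, 0) + 1
                level = "high" if hits[key] >= escalate_at else "low"
                alerts.append((level, name, ev.src, ev.dst, ev.sport))
    return alerts

def detect(packets=PACKETS, rules=RULES):
    return run_policy((protocol_analysis(p) for p in packets), rules)
```

Running `detect()` on the constructed packets yields one low-level alert for the first traversal attempt and a high-level alert once the same source repeats it, which is the rule-correlation behaviour the abstract attributes to the policy layer.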
Keywords/Search Tags: IDS, Libpcap, state management, regular expression, policy script, signature match, protocol analysis, PDR, zero-copy, prepare process