Design And Implementation Of Lan Security, Port-based Traffic Analysis Detection System

As information technology and computer network are developing rapidly, Network Information System security problem has become one of the key problems. Traditional network intrusion detection system have done a lot of work to achieve a certain function; But there are also some defects : a high rate of misjudgments, ordinary detection efficiency, heavy load of the detection system and other problems. The main reason for this is the source of the data for analysis is a single, relatively simple structure, the matching rules have not enough distinction. Based on the shortcomings above, we propose a network intrusion detection system which is based on port scan detection, protocol analysis and traffic analysis. The detection system uses port scanning detection and network traffic Analysis for the pre-testing before the rule-matching. Such detect structure guarantee higher detection rate conditions with significantly lower false alarm rate and lower system load. In the implementation of Port scanning detection module, we made some improvement to the port scanning detect theory base on port distribution. We use data infusion theory to combine two theory to improve the performance of the system. After that, we did some testing for the system and then provide the result.