Building Intrusion Detection System Snort-based Lan

With the rapid development of computer network and its applications, especially the extensive use of electronic bank and electronic commerce, network security becomes a more and more important issue. At the same time, Local area network's security is also a subject matter which the current various departments face, Is engaged in this research to have the important theory significance and the widespread application prospect. The intrusion detection is in the network security system an emerging technology, it is one kind of initiative defense technology, Is also the focal point which the network security pays attention.IDS is an important complement of firewall, The basic function is monitors the flux of internal network, And to the important attack characteristic which or the deviant behaviour distinguishes carry on the warning, Surveillance from internal network to firewall and other main engine's attack..This article presents a network security strategy, which is founded on firewall and IDS for ca mpus network that is based on open source code software.The strategy is implemented with the support of snort NIDS, a famous network intrusion detection system. And the article also deep research invasion detection System correlation technique, has conducted the research to opening source code's network invasion examination system Snort, And to its examination model, the examination principle, examination engine aspects and so on work flow, system overall construction as well as system plug-in unit mechanism has carried on the thorough analysis, On this basis Has conducted the following two aspect research and the improvement in view of the Snort system model matching algorithm and the diary warning document's deficiency. First, Based on the classics BM algorithm and in the improvement algorithm, Proposed based on the characteristic pattern matching algorithm, Raised the intrusion detection's efficiency and the speed, meet the request of the high speed network to the intrusion detection system's. Next, Designed and has realized the diary warning management system, this system used the database middleware technology, Has shielded the diference between the different database, Has the good probability, At the same time has provided function of inquiry, analysis, statistics and so on, Enhanced the network administrator's ability to analyze the diary warning.