
Intrusion Detection System Based On The Efficient Pattern Matching Algorithm Research And Design

Posted on: 2010-06-10
Degree: Master
Type: Thesis
Country: China
Candidate: L Shuai
GTID: 2208360275983692
Subject: Computer system architecture

Abstract/Summary:
As network security work deepens, traditional network security technology is running into many problems, and intrusion detection, as a proactive security defense technology, is attracting more and more attention. However, the development of intrusion detection technology has many problems of its own, such as inefficient capture, filtering and reporting; wasted resources in enumeration-based analysis; inefficient pattern matching algorithms; pattern libraries that do not recognize new intrusions; and security technologies that cannot coordinate with one another.

This paper first studies the theory of network security and intrusion detection and, through analysis, identifies the theoretical basis for the study. It then focuses on the design of the important modules of the intrusion detection system and optimizes their main functions. Specifically, this includes:

1. The design of the capture module. Three kinds of filter are discussed, and BPF is chosen as the capture filtering mechanism.
2. The design of the analysis module. The protocol analysis method is chosen: the data of each packet is extracted field by field according to each protocol.
3. A common language for describing intrusion cases, which enables the system to generate a model dynamically and add it to the model library when it meets a new intrusion. This solves the problem that pattern matching can only identify intrusions that already exist, while keeping the pattern library low in overhead and highly flexible.
4. The design of the detection module, which gathers information in two steps. First, the model is decomposed through model analysis in order to extract the intrusion features. Second, the global variables in the analysis module are put into the protocol variables in the detection module. Pattern matching is then done in three steps: first, matching by relationship combination; second, pattern matching according to the structure of the incident expression; third, matching integer variables.
5. Optimization of the character matching algorithm used in pattern matching. On the basis of single-pattern matching algorithms such as KMP, BM, BMH, QS and LED, and of multi-pattern matching algorithms such as AC, MWM and SBMH, this paper puts forward AC-BMF, a multi-pattern algorithm that moves quickly, and further puts forward LED-SA-AC, a multi-pattern algorithm that both moves quickly and matches efficiently, so that moving and matching are unified in multi-pattern matching.
6. Network security is treated as a whole, and an active in-depth system is built that is based on the detection system and coordinates with anti-virus software and firewalls.

Finally, experiments on the designed system and algorithms are carried out to confirm the desired results, and the paper concludes with a summary of the work and the prospects for future work.
Keywords/Search Tags:capture filtering, protocol analysis, case languages, matching algorithm, active defens