| The Internet is developing rapidly as the increasing quantity of websites is amazing. Based on a survey conducted by Netcraft CO.,LTD, The number of the internet websites have increased 9 million in March 2010 compared with last month, the total number of the global websites reach 224,749,695 .In China, the famous blog site--Qzone become the most rapidly growth website. By March 2010, the number of the blogs has come up to 29 million. With the development of the Internet, all kinds of Network Attack have been appearing continuously.NIDS (network intrusion detection system) become the focus of the Network Security research, which is used to detect intrusion behavior and malicious data pack. This thesis provides a new design and implementation of NIDS system and proposes methods to improve system performance. The thesis mainly focuses on:(1) Related background technique, including the theory of IDS, pattern of IDS rules, composing form of snort rules and background of multi-core(2) Researching the application of rule set, involving the composing form of the rule and the searching of the rule. Through comparison with the composing form and the searching of the rule of snort, this thesis combines a dynamic rule detecting mechanism including dynamic adjustment and static adjustment and a new rule composing form (Hash-Based Detection Engine), which compared with snort is more efficient.(3) Researching data parallel detecting technique on the condition of multi-core. First slicing the data packs and then distributing those slicing to different processor for detecting. This thesis introduced a method called"fragments overlap"on the phrase of slicing, which can efficiently avoid the under report situation. Comparing to the technique of snort, our new data parallel detecting technique is more efficient.(4) Implement an IDS based on the technique introduced above in the environment of multi-core processor. |
PDF Full Text Request