
Improve The Snort Detection Rate Method To Study High-speed Network

Posted on: 2012-05-24
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Chen
GTID: 2218330338455758
Subject: Computer system architecture
Abstract/Summary:
Intrusion detection technology collects information from a number of key points in a computer or network and monitors the operation of the computer or network system in order to find attacks, aggressive behavior, or the results of an attack. As network security problems grow more severe, the intrusion detection system (IDS) makes up for the deficiencies of traditional security protection and has become an important component of computer and network security.

There are currently many methods and models for intrusion detection, chiefly statistical methods, data mining and expert systems. Each has its own advantages and disadvantages, but all share the purpose of analyzing data and improving the accuracy and efficiency of the intrusion detection system. With the rapid development of high-speed networks, the rate at which network data is generated far exceeds the processing capacity of intrusion detection systems, which constantly brings new challenges to the network intrusion detection system (NIDS). When its computing power is insufficient, the intrusion detection system ignores some packets, resulting in omissions. How to improve the performance of intrusion detection systems on high-speed networks has become an important topic in the intrusion detection field.

Network data flows are bursty: at one moment the traffic may be particularly large, and at another it may be relatively small. From the perspective of intrusion detection, burstiness means that at times the intrusion detection system is particularly busy, having to detect intrusion events among a large number of network packets within a very short time and respond to those intrusions in real time; at other times it may capture no packets for a relatively long period and so be relatively idle. Accordingly, we propose selective packet discarding, which under load discards those packets that have less effect on detection accuracy.

As a well-known open source network intrusion detection system, Snort has been widely studied and used in industry because it protects the security of information systems effectively. Snort's structure consists of several software modules, which are combined with Snort through a plug-in model, making it very convenient to extend. Among the preprocessors, stream5 and frag3 are the two basic preprocessor plug-ins, which complete the work of merging data spread across multiple packets. Our discussion concerns adding selective packet discarding at this level. Selectively discarding those packets that have little or no effect on the detection rate reduces the amount of data delivered to the NIDS detection engine, which is a better approach.
Keywords/Search Tags:Intrusion Detection, Omission, Overload, Snort, Selective Packet Discarding, Preprocessor, Plug-in