
Research And Implementation Of Hybrid Intrusion Detection System Based On Snort

Posted on: 2012-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: W L Li
Full Text: PDF
GTID: 2218330368977595
Subject: Computer application technology
Abstract/Summary:
In recent years, the rapid development of the Internet has greatly promoted social life and economic and cultural development. People enjoy the convenience and speed that computer networks bring, but they also increasingly feel the severe challenges posed by network security problems, and network crime is becoming increasingly serious. Antivirus software, firewall technology and intrusion detection products have arisen to jointly maintain the safe operation of modern networks. As network security technology continues to develop, how to turn the defense of a network security system from passive to active is a new subject for study, and intrusion detection technology has therefore become an indispensable part of network security architecture.

Snort, a well-known open-source intrusion detection system, can effectively protect system information security. It has attracted close attention in the network security field, and many experts and scholars are engaged in its research, development and use. As network resources gradually increase, network traffic keeps growing and the types of network attack keep changing, Snort cannot meet the requirements of network development, and so it misses some complex network attack behavior, with serious consequences for the system. How to improve Snort's detection efficiency and enhance its detection performance has therefore become an important topic of intrusion detection research.

Based on an analysis of the advantages and disadvantages of Snort, and making use of its open-source code and plug-in support, this paper addresses its inability to detect new intrusion behavior, its relatively high miss rate and its low detection speed. It combines Snort with current data mining techniques for intrusion detection and proposes a model of a hybrid intrusion detection system based on Snort.

The hybrid intrusion detection system model in this paper adds, on top of Snort's original basic function modules, a normal behavior model construction module, an anomaly detection module, a classifier module and a dynamic rule generation module as function extension modules. Adding the dynamic rule generation module to Snort gives the improved hybrid intrusion detection system a dynamic rule expansion mechanism, so that it can detect new intrusion attacks, which offsets the shortcoming of Snort as a typical misuse-type intrusion detection system. Adding the normal behavior pattern mining module and the anomaly detection module to Snort gives the improved hybrid intrusion detection system an anomaly detection function as well.

Finally, a hybrid intrusion detection system based on Snort is implemented according to the system design model. The improved system was tested on Lincoln Labs sample data using Profile test tools. Comparison and analysis of the experimental results verify that the improved hybrid detection system is improved and enhanced in detection function and detection efficiency. The improved hybrid intrusion detection system has not only a dynamic rule expansion function but also an anomaly detection function, which greatly improves the system's detection efficiency.
Keywords/Search Tags: intrusion detection, Snort system, data mining, rules learning