Research On Application Of Snort Based Ids Technology To Military Information Network

With the rapid development of network technology, there has been a great change of the people's life and production system. The military informationization is an important aspect of the current military force's construction. The development of military informationization has been promoted by the completion of the military training network. It has changed the traditional military training model. But the network is a double-edged sword, has brought us convenience and then brought the security challenge to us. As an important network security technology, the intrusion detection system can protect our network in real time and become a research hotspot.As a lightweight open-source intrusion detection system. Snort can be deployed in different network environment. To improve the efficiency of the intrusion detection, on the base of analyzing structure and working principle of Snort, two new improvement methods were put forward. First, an improved pattern matching algorithm of Snort was proposed. This algorithm makes use of singleness of the last character and the next character of string. At the same time, the information of string is taken into account. It can bypass inspection of as many characters as possible and reduce the times of comparing. Second, a new method of the optimization of rules was introduced. According to the new characteristic of Snort, this paper proposed combining dividing subsets by priority value and adjusting the sequence of rules dynamically. Experiments show that these two methods can improve the efficiency of the intrusion detection system.To protect the military information network effectively, on the base of analyzing the insecure factor and characteristic of it, by using a typical architecture of snort, a distributed Snort-based intrusion detection system was designed. According to the typical internal network structure and network applications, the deployment and strategy design were carried out. Finally, the feasibility of this design was tested by establishing a laboratory environment.