
An Improved Snort Intrusion Detection System

Posted on: 2013-02-23
Degree: Master
Type: Thesis
Country: China
Candidate: J W Sun
Full Text: PDF
GTID: 2248330362462552
Subject: Signal and Information Processing
Abstract/Summary:
With the spread of networks, a wide variety of network security problems has come with them, and network security technology has likewise developed rapidly; intrusion detection technology in particular has been a research focus in the network security field in recent years. The Snort intrusion detection software is widely used because it is free and open source, small, and fast to respond. However, its inherent misuse (signature-based) detection mode means it can only detect known attacks and is powerless against unknown ones. Another drawback is that updating the rule database requires administrator intervention: a person must regularly update the matching rules that the system needs to be supplemented with.

Firstly, this paper introduces the emergence and basic concepts of intrusion detection technology, the generic model of intrusion detection systems and their various classifications, and analyses in detail the working process of the Snort intrusion detection software, its rules, and its plug-in mechanism.

Then, by analysing the two main drawbacks of the existing Snort, the system needs on the one hand to be combined with anomaly-based intrusion detection technology to detect unknown attacks, and on the other hand to introduce association rule mining techniques to extract the rules of unknown attacks automatically. Through analysis and research of dynamic clustering algorithms in data mining, an improved dynamic clustering algorithm based on an improved particle swarm optimization algorithm is proposed and used as the theoretical basis of a pre-detection engine module for Snort. This module implements the anomaly detection function: it can filter out a large number of normal network packets, avoiding unnecessary matching time, and helps the Snort system detect unknown attacks.

Again, through in-depth study of the Apriori algorithm for association rule mining, an improved Apriori algorithm is proposed and used as Snort's association rule mining module, which can extract the rules of unknown attacks automatically and add them to the rule base.

Finally, an experimental platform is set up to test the improved Snort intrusion detection system. The test results show that the improved system shortens detection time, raises alarms on unknown attacks, and can also update the rule base automatically.
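As an added illustration (not the thesis's own code) of what the rule-mining module has to do, the following Python runs the classic Apriori algorithm, not the thesis's improved variant, over a constructed set of attribute sets for packets that an anomaly pre-detection stage flagged, then renders the maximal frequent itemset as a Snort-style rule candidate. The attribute names, the support and confidence thresholds, and the itemset-to-rule field mapping are all assumptions.

```python
from itertools import combinations

# Constructed sample (not from the thesis): attribute sets of packets that the
# anomaly pre-detection stage flagged as abnormal. Attribute names are assumed.
FLAGGED_PACKETS = [
    {"proto:tcp", "dport:445", "flags:S", "len:small"},
    {"proto:tcp", "dport:445", "flags:S", "len:small"},
    {"proto:tcp", "dport:445", "flags:S", "len:large"},
    {"proto:udp", "dport:53", "len:small"},
    {"proto:tcp", "dport:445", "flags:S", "len:small"},
    {"proto:tcp", "dport:22", "flags:S", "len:small"},
]

def apriori(transactions, min_support):
    """Classic Apriori: return {frozenset(itemset): count} for every itemset whose
    support (fraction of transactions containing it) is >= min_support."""
    n = len(transactions)
    count = lambda s: sum(1 for t in transactions if s <= t)
    items = {i for t in transactions for i in t}
    current = [frozenset([i]) for i in sorted(items) if count(frozenset([i])) / n >= min_support]
    frequent, k = {}, 1
    while current:
        frequent.update((s, count(s)) for s in current)
        level = set(current)
        # Join step: merge k-itemsets that differ in one item. Prune step: keep only
        # candidates whose every k-subset is itself frequent (the Apriori property).
        candidates = {a | b for a, b in combinations(current, 2) if len(a | b) == k + 1}
        candidates = {c for c in candidates if all(frozenset(s) in level for s in combinations(c, k))}
        current = [c for c in sorted(candidates, key=sorted) if count(c) / n >= min_support]
        k += 1
    return frequent

def rules_from_itemsets(frequent, min_conf):
    """Derive association rules X -> Y with confidence count(X u Y) / count(X)."""
    rules = []
    for itemset, cnt in frequent.items():
        for r in range(1, len(itemset)):
            for ante in map(frozenset, combinations(sorted(itemset), r)):
                conf = cnt / frequent[ante]   # every subset is frequent, so present
                if conf >= min_conf:
                    rules.append((ante, itemset - ante, conf))
    return rules

def maximal_itemsets(frequent):
    """Frequent itemsets with no frequent proper superset: the rule candidates."""
    return [s for s in frequent if not any(s < t for t in frequent)]

def to_snort_rule(itemset, sid):
    """Render an itemset as a Snort rule (assumed mapping of attributes to fields)."""
    attrs = dict(i.split(":", 1) for i in itemset)
    opts = 'msg:"mined candidate"; ' + (f"flags:{attrs['flags']}; " if "flags" in attrs else "")
    return f"alert {attrs.get('proto', 'ip')} any any -> any {attrs.get('dport', 'any')} ({opts}sid:{sid};)"

if __name__ == "__main__":
    for s in maximal_itemsets(apriori(FLAGGED_PACKETS, 0.5)):
        print(to_snort_rule(s, 1000001))  # candidate for review before it enters the rule base
```

A mined candidate like this should be reviewed (and its false-positive rate measured) before being appended to the live rule base, since a frequent pattern in flagged traffic is not by itself proof of an attack.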
Keywords/Search Tags: intrusion detection, Snort, dynamic clustering, association rule mining, particle swarm optimization, Apriori