The Research And Design Of Network Intrusion Detection System Based On Protocol Analysis

Posted on: 2013-12-13, Degree: Master, Type: Thesis
Country: China, Candidate: Y L Fu
GTID: 2248330362466323, Subject: Communication and Information System
Abstract/Summary:
Over the past few years, the network intrusion detection system has matured into a commercial product that is widely accepted and used, and it has become an integral part of the network security protection system. Intrusion detection is an active security protection technology. It extracts information from several key points within the computer network system and analyzes whether any network intrusion activity, or any sign of it, is present, so as to ensure the availability, integrity and confidentiality of system resources. At present, however, the high false alarm rate of existing network intrusion detection systems does great harm to their reliability; it has become a vital factor affecting their further development and the bottleneck for further expansion of the market. This paper presents research aimed at improving network intrusion detection.

This paper first introduces the background and significance of network intrusion detection technology and the current state of research at home and abroad. It then briefly states the principles of network intrusion, analyzes the deficiencies of present-stage intrusion detection technology and its development trend, and puts forward an effective improvement plan.

The main improvements are as follows:

First, to address problems of traditional pattern matching technology, such as a large amount of calculation, a high distortion rate and a high failure rate, a new detection technology based on protocol analysis is put forward. It makes full use of the TCP/IP protocol rules to detect the possible presence of an attack, which significantly reduces the computation spent on match detection and improves detection accuracy.

Second, because protocol analysis technology still has some deficiencies, in the analysis of the Hypertext Transfer Protocol this paper studies some of the classical algorithms of the information search field, the KMP algorithm and the BM algorithm, and combines them with protocol analysis technology.

Third, the packet capture module of an intrusion detection system is traditionally implemented with the Winpcap or Libpcap library. In this paper, Java technology is used to invoke the Jpcap library to capture packets, so the system is platform independent. It is compatible with both the Windows and Linux operating systems, which gives the system better portability.

Using protocol analysis techniques combined with a pattern matching algorithm, this paper designs an intelligent intrusion detection system whose key modules include the network packet capture module, the protocol analysis module, the network packet storage module and the intrusion rule parsing module.
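
The sketch below is an added Python example, not the thesis's Java/Jpcap code: it parses the HTTP request line first and runs KMP only on the decoded URI field, next to a naive matcher that scans the whole payload. The rule patterns, sample payloads and function names are constructed assumptions.

```python
from urllib.parse import unquote

def kmp_find(text: str, pattern: str) -> int:
    """Return the index of the first occurrence of pattern in text, or -1."""
    if not pattern:
        return 0
    fail, k = [0] * len(pattern), 0  # fail[i]: longest proper prefix that is also a suffix
    for i in range(1, len(pattern)):
        while k and pattern[i] != pattern[k]:
            k = fail[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        fail[i] = k
    k = 0
    for i, ch in enumerate(text):
        while k and ch != pattern[k]:
            k = fail[k - 1]
        if ch == pattern[k]:
            k += 1
        if k == len(pattern):
            return i - k + 1
    return -1

METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS"}
# Constructed rules (protocol field, pattern); not taken from the thesis.
RULES = [("uri", "../"), ("uri", "/etc/passwd")]

def parse_http_request(payload: bytes):
    """Protocol analysis step: return decoded fields, or None if not an HTTP request."""
    head, _, body = payload.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n")[0].decode("latin-1").split(" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/"):
        return None
    # Percent-decode the URI so rules are matched against the normalised field.
    return {"uri": unquote(parts[1]), "body": body.decode("latin-1")}

def detect_protocol_aware(payload: bytes):
    """Match each rule only against the field it names; skip non-HTTP payloads."""
    fields = parse_http_request(payload)
    if fields is None:
        return []
    return [p for f, p in RULES if kmp_find(fields[f], p) >= 0]

def detect_naive(payload: bytes):  # traditional approach: scan every byte of the payload
    return [p for _, p in RULES if kmp_find(payload.decode("latin-1"), p) >= 0]

# Constructed sample payloads.
ATTACK = b"GET /cgi-bin/view?f=../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"
BENIGN = b"POST /forum/post HTTP/1.1\r\nHost: example.test\r\n\r\nHow do I protect /etc/passwd?"
```

On `BENIGN` the naive matcher raises an alert from the message body, while the protocol-aware matcher checks only the URI and stays silent; payloads that do not parse as HTTP requests are never pattern-matched at all.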
Keywords/Search Tags: Intrusion Detection, the TCP/IP protocol, pattern matching algorithm, packet capture, JAVA technology