Algorithm Research Based On SNORT Intrusion Detection System

Posted on: 2013-09-14
Degree: Master
Type: Thesis
Country: China
Candidate: M L Ceng
GTID: 2248330395962136
Subject: Computer application technology

Abstract/Summary:
With the continuous development of Internet technology, network security has become a focus of attention. A series of network security technologies, such as firewalls and network encryption, have appeared, but these techniques only passively protect a network or host from attack. Intrusion detection technology was invented to defend against attacks actively and keep systems safe before an intrusion occurs. Existing intrusion detection systems usually collect packets on the network and match them against known attack patterns. This matching approach has a high detection rate, but it is powerless against unknown attacks and variants of known attacks. Introducing Bayesian techniques into the intrusion detection system lets it match attack patterns and also achieve a good detection success rate for unknown attacks and attack variants, improving the system's detection accuracy and completeness.

The main research in this paper is as follows:

(1) We improved the adaptive Bayesian algorithm and proposed a scheduling algorithm based on a flow size limit. We analyzed the adaptive Bayesian algorithm, pointed out the deficiency in its adaptivity, and proposed an improved adaptive Bayesian algorithm. Based on the system's packet discarding theory, we put forward a flow-size-limit scheduling algorithm used to select which packets to discard.

(2) We designed an intrusion detection prototype system based on SNORT. We added a SNORT log audit sensor and a packet-discard selection engine to SNORT and describe the design and implementation of these plug-ins in detail. They give the SNORT intrusion detection system the ability to update its rule library automatically and improve its data throughput.

(3) We ran simulation experiments for performance analysis. The experiment on the improved adaptive Bayesian algorithm shows that the algorithm is feasible and has high detection efficiency. We also ran performance experiments on the prototype system and the original SNORT intrusion detection system. They show that the prototype system can detect unknown intrusions, and they verify that it is efficient in terms of detection rate.
Keywords/Search Tags: intrusion detection, SNORT, ISA algorithm, discard packages method