
Design Of An Intrusion Detection System Based On Protocol Analyze Method

Posted on: 2014-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: N Luo
Full Text: PDF
GTID: 2248330398472111
Subject: Computer network and information security
Abstract/Summary:
With the rapid development of technology and the economy, computer-based applications of all kinds are becoming more and more important in people's lives. Meanwhile, network security problems are worsening, which greatly challenges both network security technology and network security systems.

Besides the positive security methods such as firewalls and data encryption, intrusion detection has drawn much attention as one of the negative methods, becoming a basic technology in network maintenance and an important method for detecting intrusions. Cloud computing is a computing model that combines network storage, distributed computing and load balancing, providing dynamically scalable virtualized resources over the network. Cloud computing has been successfully applied in a variety of fields, and its essential concepts, such as distributed computing, resource virtualization and dynamic load balancing, can serve as an example for intrusion detection systems, which face problems in mass data processing and rule maintenance.

Against this background, this paper designs a protocol-analysis-based intrusion detection system in strict compliance with software engineering practice, after discussing the rule definition language and rule organization, the plug-in mechanism and the rule matching method. The paper focuses on the design and implementation of the architecture of the intrusion detection system, with a preliminary exploration of its combination with cloud computing technology, aiming to achieve a normative intrusion detection system with flexibility and scalability. The intrusion detection method used in this paper is based on protocol analysis: it captures original network packets, parses them into meaningful protocol fields, and matches those fields against the predefined intrusion detection rules.
In terms of normalization, a relatively flexible and generic definition language for intrusion rules is implemented. For the organization of the intrusion detection rules, a three-dimensional linked list is used. In terms of scalability, this paper designs a flexible intrusion detection plug-in mechanism which, together with the definition language, may theoretically implement unlimited detection capability. The capability of uploading suspect packets and pulling or pushing rules is also implemented.
Keywords/Search Tags:Intrusion Detection System, Protocol Analyze, Cloud Computing