The Design And Application Of C/S Mode IDS Based On Snort

Posted on: 2014-03-05
Degree: Master
Type: Thesis
Country: China
Candidate: H X Wang
Full Text: PDF
GTID: 2268330392973570
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of networks, incidents in which personal data and important enterprise resource information are exposed happen frequently. In an endless series of hacking incidents, corporate data has suffered varying degrees of damage. The incident with the largest impact was the leak of tens of millions of users' passwords, with the affected users coming from many well-known sites such as CSDN and RenRen. These events have drawn people's attention to information security. Intrusion detection technology is an important component of network security, alongside firewalls, data encryption, and other traditional security measures. It monitors behavior in the network in real time and guards against it.

Currently, the detection methods of intrusion detection systems fall mainly into two classes: anomaly detection and misuse detection. Anomaly detection works as follows: it first defines a standard for normal data; after capturing information from the network or elsewhere, it compares that data with the standard. If the data does not meet the standard, the intrusion detection system raises an alert. This method has a higher false alarm rate. Misuse detection works as follows: it first stores the characteristics of known intrusions, then compares the captured information with these characteristics. If the data matches them, the intrusion detection system raises an alert. This method has a higher missed report rate. Snort is an open source intrusion detection system based on misuse detection, with the advantages of being cross-platform and lightweight.

This paper first analyzes the many security threats in the network environment, which shows the importance of intrusion detection systems, then describes the components and working principle of an intrusion detection system, followed by an analysis of Snort's main detection engine and rules. Next, I introduce the key technologies for improving intrusion detection performance and for resolving the contradiction between the gradually increasing workload of intrusion detection systems and the gradually growing rule base. On this basis, firstly, this paper adds a breadth-first search algorithm on the basis of the depth-first search algorithm; secondly, this paper presents the idea of a C/S (client/server) mode Snort, which adds server support to traditional Snort to share the workload of the client Snort. Thus, the work efficiency of Snort can be improved in two ways.
Keywords/Search Tags: Intrusion Detection System, Snort, C/S