
Research And Design Of Network Intrusion Detection System Based On Protocol Analysis

Posted on: 2015-01-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y Yang
GTID: 2298330431991361
Subject: Computer technology

Abstract/Summary:
With the development of computer network technology, network threats are growing and becoming increasingly complex. How to keep network communication secure while still enjoying the convenience that networks bring has received more and more attention.

To improve the safety of network systems, network intrusion detection systems have been accepted and used by more and more people. After recent years of development, the network intrusion detection system has become a very important part of the network security system. However, high false positive and false negative rates remain a key problem restricting the development of network intrusion detection systems.

This paper presents a new design that combines internal rules and external rules with pattern matching, protocol analysis and expression analysis techniques. For the external rules, a new threat description language is designed; it is similar to traditional programming languages, understandable and powerful. The internal rules enrich the detection logic so that complex threats, and even threats with state, can now be detected. Compared with the systems available, the new design is more accurate and more powerful.

The main work of this thesis is as follows:

Expression analysis technology is integrated into the detection of external rules to improve their detection ability and logical expressiveness. In addition, traditional pattern matching is also used, with some optimizations for quick pattern matching and multiple pattern matching.

Besides the external rules, some internal rules are also declared in the system; these focus on complex threats or threats with state. With the introduction of state detection and anomaly detection methods, the modified system will be able to detect some unknown threats.

Multi-tier buffers are also used, which help the detection system perform better in a high-speed network environment.
Keywords/Search Tags: Network security, Intrusion detection, Protocol analysis