
Design Of Intrusion Prevention System Based On Windows Platform

Posted on: 2016-12-21
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Jiang
GTID: 2298330467488438
Subject: Communication and Information System
Abstract/Summary:
The rapid development of Internet technology has greatly changed our lives, which are now inextricably linked with the Internet. However, along with the convenience, the network has also brought many security risks to people's work and daily life. As the network environment grows more complex, network security incidents occur frequently and new attack methods keep appearing, with a tremendous negative impact on our lives. Defense against network intrusion is therefore necessary. The intrusion defense equipment currently available functions relatively well but is aimed at large and medium-sized networks, and is expensive and complex to operate; meanwhile, intrusion defense systems under Windows are mostly implemented with the help of the kernel or third-party equipment. On this basis, the paper introduces a Windows-based intrusion defense system that combines Snort with the Windows firewall through a linkage technology, without third-party equipment. When an intrusion happens, the system automatically sets a defense strategy to stop the intrusion and protect the host.

Firstly, the paper studies intrusion detection, firewalls and other related technologies in the current field of network security in depth, and analyzes their characteristics and pertinence. After a review of a large amount of material on linkage technology, the feasibility of the scheme, combining the Snort intrusion detection system with the Windows firewall through a linkage technology, is determined.

Secondly, after an in-depth analysis of the working principle of Snort, the original algorithm is replaced by an improved bad character matching algorithm, which improves matching efficiency and reduces the resources the system occupies on the host. Meanwhile, combining the improved Snort with the Windows firewall through a linkage technology to establish a dynamic intrusion defense system can effectively protect the security of the host. The linkage makes full use of Snort's open-source nature and flexible plug-in extension mechanism. Adding linkage and linkage keywords to the Snort output plug-in, modifying the configuration files and rewriting the match rules makes it possible to link to the firewall quickly and start the defense strategy when the system is invaded, which gives the system its intrusion defense capability.

Finally, the entire system has been thoroughly tested, including performance and compatibility tests of the intrusion detection algorithm and tests of the system's defensive capability. The results show that the improved Snort achieves the expected target with less memory and higher matching efficiency, and that the system can respond in a timely manner and take defensive measures after an intrusion is discovered.
Keywords/Search Tags: Network security, Intrusion detection, Snort, Firewall, Linkage technology
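
To make the Snort-to-Windows-firewall linkage described in the abstract concrete, the following added example (not the thesis's code) reads Snort fast-format alert lines and builds `netsh advfirewall` block rules for the offending source addresses. The thesis implements the linkage inside a Snort output plug-in; this example works on the alert log instead, and the sample alerts, the `IPS-block-` rule-name prefix, the priority threshold and the allowlist are assumptions made here.

```python
import ipaddress
import re

# Snort "fast" alert: timestamp [**] [gid:sid:rev] msg [**] ... [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9.]+)(?::\d+)?\s+->\s+(?P<dst>[0-9.]+)(?::\d+)?"
)

# Constructed sample alerts (documentation address ranges), not output of the thesis system.
SAMPLE_ALERTS = """\
12/21-10:15:02.113245  [**] [1:1000001:1] Constructed rule: SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51514 -> 192.0.2.10:80
12/21-10:15:03.220871  [**] [1:1000002:1] Constructed rule: ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.23 -> 192.0.2.10
12/21-10:15:04.001532  [**] [1:1000001:1] Constructed rule: SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51520 -> 192.0.2.10:80
12/21-10:15:05.874410  [**] [1:1000003:2] Constructed rule: admin scan [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 192.0.2.1:40022 -> 192.0.2.10:3389
"""

def parse_alert(line):
    """Return the fields needed for a block decision, or None if the line does not parse."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))  # only a valid address reaches the rule
    except ValueError:
        return None
    return {"sid": int(m.group("sid")), "prio": int(m.group("prio")), "src": src}

def block_commands(log_text, max_prio=2, allowlist=()):
    """Build one netsh block rule per offending source (lower priority number = more severe)."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    seen, cmds = set(), []
    for line in log_text.splitlines():
        alert = parse_alert(line)
        if alert is None or alert["prio"] > max_prio:
            continue
        src = alert["src"]
        if src in allowed or src in seen:  # never block allowlisted hosts; one rule per IP
            continue
        seen.add(src)
        cmds.append(["netsh", "advfirewall", "firewall", "add", "rule",
                     f"name=IPS-block-{src}", "dir=in", "action=block",
                     f"remoteip={src}"])
    return cmds

if __name__ == "__main__":
    for cmd in block_commands(SAMPLE_ALERTS, allowlist=["192.0.2.1"]):
        print(" ".join(cmd))  # on the Windows host, pass the list to subprocess.run
```

The allowlist keeps addresses such as a gateway or management host from being blocked when an alert names them as the source.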