Research And Design Of DDoS Attack Detection System Based On Snort

Posted on: 2016-04-24
Degree: Master
Type: Thesis
Country: China
Candidate: X Li
GTID: 2298330467491812
Subject: Information security

Abstract/Summary:
The world today is in the era of the knowledge economy. Against the background of the information society, computer and Internet technology play an increasingly important role. With the rapid development of the Internet, and as a result of the openness of the network, security events bring increasingly serious security issues, and modes of attack are constantly changing.

As a means of network security protection, an intrusion detection system monitors the state and usage of the network and of systems to determine whether there are attacks from external network intruders or unauthorized operations by internal legitimate users. The Snort intrusion detection system is the most widely used intrusion detection system in the world. It is a real-time traffic analysis system: it captures data packets on the network and analyzes them according to pre-defined rules. However, with the ever increasing amount of data and the emergence of big data, the model base of the Snort intrusion detection system has expanded correspondingly, leading to lower detection efficiency. The key to improving the performance of the Snort intrusion detection system is to optimize the detection engine by finding a more efficient pattern matching algorithm, since pattern matching is the bottleneck of the whole system.

This paper introduces the concept and principle of DDoS attacks, and then studies common DDoS attack methods and DDoS detection methods. On this basis, it introduces the Snort intrusion detection system, examines the architecture and classification of intrusion detection systems, and studies the workflow and the mechanisms of rule parsing and pattern matching.

This paper then studies pattern matching algorithms. Pattern matching is a common analysis technique in intrusion detection systems, and pattern matching algorithms can be divided into single-pattern matching and multi-pattern matching. This paper studies several common single-pattern and multi-pattern matching algorithms, including the BM algorithm, the AC algorithm and the KR algorithm, and compares their time complexity and space complexity. Based on the existing algorithms, an improved scheme is proposed, and the improved algorithm is described and implemented.

This paper gives the detailed design of a DDoS attack detection system based on Snort. Based on the study of related technologies and of the Snort intrusion detection system, each functional module of the system is designed and described in detail, and the system workflow is presented. The detection system applies the improved algorithm and is configured with a database to form a complete detection system.

This paper implements the DDoS attack detection system based on Snort and carries out tests for validation. In this system, both the existing and the improved pattern matching algorithms are tested to verify the capability of the system and the performance of the improved pattern matching algorithm. Finally, a correlation analysis is carried out on the test results.

Through the above work, this paper has completed the functions of the attack detection system and has improved pattern matching performance.
Keywords/Search Tags: intrusion detection, snort, pattern match, network security