
Research And Implementation On Intrusion Detection Technology Based On Protocol Analysis

Posted on: 2016-10-24
Degree: Master
Type: Thesis
Country: China
Candidate: R Z Dong
GTID: 2308330461956034
Subject: Computer Science and Technology

Abstract/Summary:
With the development of Internet technology, more and more activities are carried out on the Internet, such as e-commerce, online stores and online teaching. This has been accompanied by a variety of intrusions and information leakage events. Network security has become an international issue as network attack tools and attack tactics grow in complexity and diversity. In recent years, relying solely on traditional network security measures has been unable to meet the security requirements of the network, and frequent outbreaks of hacker attacks have proved this point. The study of information security is therefore an important task, and attack detection techniques are worthy of study.

Attack detection is a proactive security protection technology that provides security for the network and the host. Faced with today's complex variety of attack methods, the drawbacks of the traditional attack detection method based on pattern recognition have surfaced. To better detect attacks and intrusions, it is of great significance to combine the pattern recognition method with protocol analysis.

This thesis details the concept, classification and measures of attack detection. Through a thorough study of protocol analysis, protocol rules and feature matching technology, it implements an attack detection system that combines protocol analysis with traditional pattern matching techniques. In its overall design, the system consists of a traffic interception module, a protocol analysis module, an attack detection module, a data storage module, a response module and a data display module. The attack detection system captures the current network traffic in real time, parses packets according to the TCP/IP protocol, and then matches the current network data against known attack patterns to determine whether a request is abnormal. If a possible intrusion attempt is found, the system records the behavior for later query and analysis and alerts the network administrator in real time.

In addition, the thesis implements a vulnerability database. For a variety of known vulnerabilities, the vulnerability database provides detailed information and the corresponding disclosed attack method, can supply payloads for simulating the attack, and provides security defense methods. The vulnerability database and the attack detection system are integrated: when an attack is detected, the administrator can view, in the vulnerability management interface, more details of the attack, the corresponding vulnerability and the defense method.

The system exploits the structure of network protocols to reduce the complexity of the work, and uses pattern matching to ensure accurate detection with a low false negative rate. Combined with the vulnerability database, the system can better find and defend against known vulnerabilities.
Keywords/Search Tags: Network security, Attack detection, Protocol analysis, Vulnerability DB, Attack detection system
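
The detection flow the abstract describes (parse each packet according to TCP/IP, then match the parsed data against known attack patterns) is illustrated below for one case, the HTTP request target. This is an added example, not code from the thesis. The signatures, ports, addresses and sample requests are constructed assumptions.

```python
import struct
from urllib.parse import unquote_to_bytes

# Constructed signatures for illustration (not the thesis's rule set).
SIGNATURES = {"path-traversal": b"../", "passwd-read": b"/etc/passwd"}

def parse_ipv4_tcp(packet: bytes):
    """Return (src_port, dst_port, payload), or None if not well-formed IPv4/TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or packet[9] != 6:                    # protocol 6 = TCP
        return None
    if total_len > len(packet) or total_len < ihl + 20:
        return None                                   # truncated or inconsistent
    tcp = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                     # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        return None
    return src_port, dst_port, tcp[data_off:]

def detect(packet: bytes, http_ports=(80, 8080)):
    """Protocol analysis first, then signature matching on the decoded request target."""
    parsed = parse_ipv4_tcp(packet)
    if parsed is None or parsed[1] not in http_ports:
        return []
    parts = parsed[2].split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return []
    target = unquote_to_bytes(parts[1])               # undo %-encoding before matching
    return sorted(name for name, pat in SIGNATURES.items() if pat in target)

def build_packet(dst_port: int, payload: bytes) -> bytes:
    """Constructed IPv4/TCP packet for the demo (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp + payload

if __name__ == "__main__":
    samples = [b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n",
               b"GET /index.html HTTP/1.1\r\nReferer: http://example.test/a/../b\r\n\r\n"]
    for s in samples:
        print(detect(build_packet(80, s)), s.split(b"\r\n")[0])
```

A plain byte search for `../` over the raw payload would miss the first sample (the dots are percent-encoded) and flag the second (the pattern sits in a header, not the request target); decoding the protocol field before matching handles both.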