| Computer networks are now in widespread use and have a profound influence on the way people live. The Internet has brought us convenience, but also more and more security problems: network intrusions and attacks occur every day. How to enjoy the benefits of the network while avoiding damage from network intrusions and attacks has become a growing concern. A network firewall can protect a system to a certain extent and keep it from falling victim to network security problems; it is often referred to as the first line of defense of network security. Once the first line is breached, a second line of defense must be deployed, and an intrusion detection system is an ideal choice. There are currently multiple intrusion detection products protecting computer networks, of which the most representative is Snort, a rule-based packet inspection system. Based on our study of intrusion detection systems and of Snort, we developed a simple rule-based data packet inspection system named Packet Guard. Compared with Snort, it was redesigned in many places. To handle instantaneous peaks in packet traffic, we added two buffers and two thread pools to the packet capture and preprocessing stages, which gives the system the ability to process data packets concurrently on multiple threads. We designed most of the data packet inspection rules, making the use of the rules more flexible. For the management of packet inspection rules, we present a method that uses the de set, the high temperature set and the low temperature set to manage the rules in three sets. This method improves the speed of scanning the rule set when a packet is inspected. 
It makes full use of the characteristics of data packets and of the relative concentration of packet attacks within a period of time. In the system structure we added an outreach module through which multiple systems send each other detection results and rules, so that multiple systems can collaborate and inspect data packets jointly. This improves the speed with which a single system responds to threatening data packets. Finally, we explain how the control management module controls system performance: it adjusts according to the current state of the computer system environment and the system's own state, so as to reduce the occupancy of system resources as far as possible. At the end of the article, we test each module of the system; the tests show that the system achieves its intended functions and goals. The research and development of this system is an exploratory study of the working principle of data packet inspection systems. It is a test of some new methods, and is of great significance to further research on intrusion detection systems and network packet inspection systems. |