Design And Implementation Of DoS Attack Defense Plug-in

With the popularity of computer network applications,the network to bring people convenience at the same time,its openness also led to frequent network security incidents.In many security prevention technology,intrusion detection technology and its constitute the intrusion detection system has become a more commonly used security testing tools.In the intrusion detection tool or the corresponding intrusion detection system,because the Snort system has a high openness and its extensive,so become the current intrusion detection has a wide range of use.The Snort intrusion detection system has the ability to monitor network packets and perform real-time analysis of data traffic in the network,and to customize the data packets on the network by tailoring the rules.However,there are some attacks can not or difficult to judge through the characteristics of the need for statistics to analyze the existence of the attack.This paper introduces the basic knowledge of intrusion detection technology and the Snort intrusion detection system workflow,a variety of plug-in principles and their functions,the implementation of the plug-in process and the implementation of some of the rules and the matching mechanism of the corresponding mechanisms are more detailed The introduction.Through the individual chapters to elaborate on DDo S(Distributed Denial of Service)attacks based on the content of the attack detection plug-in and its principles.Based on the research on the related technology and intrusion detection system,the function of the plug-in is designed,and the modules in the plug-in are described in detail,and the plug-in work flow is given.In addition,as the design progresses in the step-by-step test intrusion detection system to complete the attack plug-in testing work.In this paper,the use of DDo S attack detection system to fully verify the plug-in function and statistical results.Through the above work,this paper has better completed the Snort plug-in function,the experimental results show that the plug-in through the statistical analysis can effectively detect the existenc of the attack.