The Design And Implementation Of Network Intrusion Detection System Based On The Snort Technology

With the deepening of the degree of social information and the popularization and application of computer networks,communication technology and network technology have been developed greatly.In this context,computers have been widely used in all walks of life,and have brought about great changes in people's work and life.Especially after the advent of the Internet,the government,business,education and other fields and industries have carried out the use of computers,social patterns and people's work life style has also begun to be affected greatly.At present,the computer network has developed into the main mode of social exchanging information,the level of the country's information technology is also an important symbol of the comprehensive strength of a country.At the same time,the information security situation is becoming more and more serious,and the security of information network has been paid more and more attention.Among all kinds of common information security protection measures,the intrusion detection technology which is developed earlier has been applied in the firewall.However,the traditional firewall can only resist the invasion from the network outside,and when the intrusion comes from the internal network,the defense and monitoring function of the firewall can not be effective.As a security defense means for detecting,recording and auditing the intrusion from inside and outside of the network,the Intrusion Detection System(IDS)came into being.This paper introduces the Linux type firewall as the starting point,describes the current main stream intrusion detection technology,and leads to the requirement of intrusion detection system.Through the establishment of system target,the functions which the system needed to be achieved are sorted and analyzed,the system functional requirements and nonfunctional requirements are descripted and designed by using the flow chart and case diagram,and the ER diagram is used to program and illustrate the database structure in accordance with the design.In addition,through the use of rules matching and other key technologies,combined with the association rules algorithm,the performance and efficiency of the network intrusion detection system business is optimized;by using of the related technical means,the operation and visibility of the system are enriched and promoted on the basis of the application of Snort technology to strengthen the capability of intrusion detection processing.In addition,according to the relevant test technology standards,combined with the actual deployment of the system needs,the test cases are worked out based on the system's main functional modules and the corresponding test work is completed,and the test results are recorded,analyzed and confirmed.The intrusion detection system can analyze and do the early warning in the early stage of the occurrence of the harm,and can take corresponding security measures to a certain extent,so as to avoid the intrusion attack hazard which can affect the safe operation of the information system.Therefore,as an important security technology protection measure of the information system,intrusion detection system needs to be studied deeply.In this paper,the intrusion detection system based on Snort technology is developed,which can not only meet the current mainstream network intrusion detection function demand,but also optimize the performance,improve the operation efficiency,so it is very important to research the development of the system.