
Research And Design Of Remote Intrusion Detection System Based On Wireshark Software

Posted on: 2017-08-02
Degree: Master
Type: Thesis
Country: China
Candidate: S Liang
GTID: 2358330488966903
Subject: Computer software and theory

Abstract/Summary:
With the rapid development of computer and network security technology, intrusion detection has become an active research topic in the field of computer security. Intrusion detection approaches security mainly from the side of network security control; this thesis identifies intrusion behavior by analyzing network protocols. It can help prevent intrusions and protect the system both before and after an intrusion, and is an important auxiliary means of network security. This thesis designs a remote intrusion detection system based on the Wireshark software. The main work is as follows.

The key technologies of the TCP/IP model, data packets and their data structures are studied in depth. Based on a study of Wireshark's analysis principles and its concrete operating process, the idea of introducing a remote collector and building a detection system around it is proposed. The system is divided into three parts: an acquisition module, an analysis module and an intrusion detection module.

The acquisition module is mainly responsible for capturing data packets and sending the collected packets to the analysis module. Packet capture was implemented after studying the principles of network packet capture, in particular the WinPcap technique for bypass collection of network data at the data link layer. A custom communication protocol was designed for the interaction between the acquisition module and the analysis module, which gives the system remote data acquisition.

The analysis module is mainly based on the core decoder of the Wireshark software. It uses plug-in technology: each protocol is analyzed by its own decoder plug-in, and protocol decoding is completed by calling the corresponding decoder.

The common methods of intrusion detection are discussed in depth, and a rule base is established according to the intrusions commonly seen on the network. The output of the analysis module is matched against the intrusion rule base by pattern matching to detect intrusion behavior, and this forms the intrusion detection module.

With the remote intrusion detection system in place, a host can take the initiative to protect itself. The work also provides a reference for further work with Wireshark.
Keywords/Search Tags: TCP/IP protocol, protocol decoding, WinPcap, intrusion detection system