
Implementation And Detection Of Denial Of Service Attacks Against Snort

Posted on: 2019-01-29
Degree: Master
Type: Thesis
Country: China
Candidate: X N Huang
Full Text: PDF
GTID: 2428330548459209
Subject: Engineering
Abstract/Summary:
With the rapid development of the Internet, scientific and technological progress has improved people's living standards and allowed people to experience a rich and colorful world, but it has also created opportunities for malicious actors. Network security problems have arisen, and more and more attacks and attack methods have emerged, seriously affecting the security of the networks we use. As a result, intrusion detection systems were born. In the face of various attacks, detection systems and firewalls form a defensive line to resist and handle detected attacks. The Snort network intrusion detection system (IDS) is popular with individuals and companies for its flexibility and open-source nature. With the help of countless contributors, Snort is developing rapidly and responds to known attacks relatively easily. It has become the most popular intrusion detection system.

In this paper, the Snort network intrusion detection system is introduced in detail and its main structure is analyzed comprehensively. Specific examples are then used to illustrate the serious impact of the algorithm complexity attack and the denial of service attack on Snort. The algorithm complexity attack targets the core multi-pattern matching algorithm of the Snort system: it constructs various special attack data packets that drive the multi-pattern matching algorithm to its worst-case processing time, thereby interfering with and attacking the IDS. Denial-of-service attacks use high-frequency, high-interference data packets to flood a network, causing the IDS to consume all available resources so that it cannot complete the processing of normal packets; this degrades the processing capability of the IDS and so achieves the purpose of attacking it. To defend against these attacks, a new multi-pattern matching algorithm, the VLDC (variable length don't care) multi-pattern matching algorithm, is applied in the IDS. Compared with the AC multi-pattern matching algorithm used in Snort, the VLDC algorithm has a relatively high processing time when dealing with the VLDC attack mode. This paper compares the VLDC multi-pattern matching algorithm with the classic AC multi-pattern matching algorithm, and then applies the VLDC algorithm to Snort to compare the actual effect of VLDC with that of the AC algorithm used in Snort, showing that the VLDC algorithm performs more efficiently.

The experiments in this paper verify and analyze Snort's deficiencies in VLDC matching. Snort completes the VLDC matching process through the AC algorithm, so Snort-VLDC is used to denote the VLDC matching algorithm in Snort. Finally, the efficiency of VLDC and Snort-VLDC in completing VLDC matching is compared. First, the Snort intrusion detection system is attacked. The experiment finds that the algorithm complexity attack proposed by Randy Smith in 2006 cannot affect the current Snort system. However, combining the algorithm complexity attack with the denial of service attack can cause Snort to fail to detect all data packets. Next, we verified that Snort misses packets under this mixed attack, and we propose a detection method that alerts the administrator when the attack occurs. Then the VLDC algorithm is applied to the Snort intrusion detection system, and the mixed attack is applied to Snort to test and analyze the experimental results. The experimental results show that the Snort intrusion detection system using VLDC can process all the packets flowing through it and successfully defends against this attack.
Keywords/Search Tags:Network Security, Denial of Service Attack, Intrusion Detection System, Snort