Design Of Intrusion Detection System Based On Network Data Packet Analysis

Posted on: 2019-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: M X Bian
Full Text: PDF
GTID: 2438330545493143
Subject: Engineering
Abstract/Summary:
With the rapid development of the Internet in modern society, hacking has become particularly serious. Attacks such as intrusions, denial of service, and abuse of network resources pose an increasingly serious security threat to networks and have a variety of negative effects worldwide. According to statistics, a hacker attack occurs somewhere in the world every ten seconds. These attacks have caused huge economic losses, and a series of intrusions has forced us to pay more attention to cyber security. In general, we rely on firewall technology, intrusion detection systems, security guards, and similar measures to ensure that our networks are not invaded. Intrusion detection therefore plays a key role in the network security architecture.

In view of this situation, this paper designs an intrusion detection system based on network packet analysis that runs under Windows. The system is designed step by step through the processes of submitting requirements, making requests, collecting data, testing and analyzing, and generating reports. For ease of use, this paper divides users into ordinary users and administrators. Ordinary users log in to the system, submit the content to be examined to the administrator, and wait for the administrator to produce the detection results; they then view the results by downloading the detection report. The administrator accepts the user's requirements, collects the required data according to those requirements, and analyzes the collected data. When the analysis is complete, the result is uploaded to the server as a report for the user to download and view. This design is convenient for ordinary users, who only need to submit their forensics requirements and wait for the results. It also makes later maintenance easier: to extend the system, one only needs to add categories of user-submitted requirements on the client side and add data-capture techniques on the server side.

Because the system is based on network packet analysis, its design focuses on collecting and analyzing data packets. There are many ways to capture data packets. After analysis, the scheme uses Snort to collect the data packets we need and then uses the improved k-means clustering algorithm to analyze them. In the experiment, we used three methods to analyze and compare data packets, namely the improved k-means clustering algorithm, Snort's rule set, and the improved clustering algorithm. We use Snort to capture data packets and, when matching rules in its preprocessing phase, to detect some packets that carry dangerous information. We then analyze the remaining packets again to improve the accuracy of the intrusion detection system.
Keywords/Search Tags: Intrusion detection, Packet analysis, Clustering algorithm, Snort