
Design And Implementation Of Intrusion Detection System Based On Snort

Posted on: 2021-02-26
Degree: Master
Type: Thesis
Country: China
Candidate: Z X Zhang
GTID: 2518306308483634
Subject: Control Engineering
Abstract/Summary:
Nowadays, with the development of industrial control systems, especially their combination with the mature Internet, security attacks on industrial control systems are increasing, and traditional firewall technology cannot meet current level protection requirements. Intrusion detection technology has therefore become a very important part of the industrial control information security field. The Modbus TCP protocol is widely used in industrial equipment. However, due to security defects in its design, it has many vulnerabilities in the current Internet environment. In this paper, Snort is used as the framework to build an intrusion detection system, and corresponding rules for the Modbus TCP protocol are formulated. The main work is as follows:

1. First, the paper introduces the background technology of intrusion detection, its development status at home and abroad, and the difficulties it faces. Three intrusion detection methods are proposed: an anomaly detection method based on a behavior whitelist, an abnormal behavior detection method based on a time-dependent baseline, and a method applied to detect man-in-the-middle attacks using the Ethernet/IP protocol. The Snort-based intrusion detection system is also studied in detail, and its principles, functional modules and workflow are introduced.

2. The vulnerabilities of the Modbus TCP protocol in the current network environment are studied and analyzed, and corresponding intrusion detection rules are written according to the potential threats these vulnerabilities cause.

3. By studying the overall structure and working mode of the Snort intrusion detection system, and comparing the BM algorithm with the KMP algorithm, an improved and optimized string matching algorithm is proposed to improve the matching efficiency of the Snort system.

4. A Snort intrusion detection system is built in the Windows operating system environment. Through the output plug-in, the system's output is processed graphically, showing the results of the intrusion detection system more clearly. At the same time, the string matching algorithm in the Snort system is replaced by the improved IBM algorithm, and efficiency is improved by 15.8% compared with the original algorithm system.
Keywords/Search Tags: intrusion detection, Snort, Modbus TCP, pattern matching