An Intrusion Detection System (IDS) is a computer system that identifies and responds to violations of computer and network security policy. It turns passive protection into active auditing and monitoring: it issues real-time warnings or blocks intrusions by outside attackers and misuse by insiders, and so reduces the risk to computer systems and networks.

The paper begins with the theoretical foundations of IDS: the concept of an IDS, the IDS models that have emerged, the classification of IDSs, and the evolution and trends of research in the field, with emphasis on the detection and analysis methods that are among the critical technologies for implementing an IDS. It then briefly describes the framework of the Linux kernel, the most suitable OS platform for implementing an IDS. Finally it proposes a practical design for a high-speed network IDS for banking applications and describes many valuable implementation details.

In the design and implementation of the system, the author optimizes the design and implementation of the network sensor on the Linux platform, including a high-speed network interface card driver, a high-performance and portable packet-capture program built on libpcap, and pattern matching based on efficient algorithms and data structures. Reassembly of the data streams of network applications is also implemented, which gives an exhaustive picture of how the network applications are running. In particular, to meet the requirements of banking applications, an analysis plugin was developed to monitor and audit the network connections between bank applications.

Through shared memory and large buffers, the serialized processing of data across the whole system runs at high speed, much like a macro-level pipeline, and the packet loss rate can be kept within a desirable range.

The research in this paper not only solves the problems of implementing a network IDS, but also provides a reference scheme for network security and application auditing in enterprises by combining a generic IDS with an application in a specific field. With continued improvement, the system will surely have very good prospects.
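A reduced form of the sensor's capture-and-match stage, as an added example that is not code from the thesis: the parser below takes a frame exactly as a libpcap callback would deliver it (libpcap itself is not linked, so it runs offline), extracts the TCP payload with the length checks a sensor needs against truncated captures, and applies one naive-matching signature rule. The frame is constructed here, and the function names and the FTP `USER root` signature are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ETH_HLEN 14  /* Ethernet II header length */

/* Locate the TCP payload in a captured frame, as a pcap callback would receive it.
 * Returns the payload length, or -1 when the frame is not IPv4/TCP or the capture is truncated. */
int tcp_payload(const uint8_t *pkt, size_t caplen, const uint8_t **payload, uint16_t *dport)
{
    if (caplen < ETH_HLEN + 20 || pkt[12] != 0x08 || pkt[13] != 0x00) return -1; /* not IPv4 */
    const uint8_t *ip = pkt + ETH_HLEN;
    size_t ihl = (ip[0] & 0x0f) * 4, iplen = ((size_t)ip[2] << 8) | ip[3];
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -1;      /* not TCP */
    if (iplen < ihl + 20 || ETH_HLEN + iplen > caplen) return -1;     /* truncated capture */
    const uint8_t *tcp = ip + ihl;
    size_t doff = (tcp[12] >> 4) * 4;
    if (doff < 20 || ihl + doff > iplen) return -1;
    *dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    *payload = tcp + doff;
    return (int)(iplen - ihl - doff);
}

/* Binary-safe substring search: offset of sig in buf, or -1 (naive matching, for clarity). */
int find_pattern(const uint8_t *buf, size_t len, const uint8_t *sig, size_t siglen)
{
    if (siglen == 0 || siglen > len) return -1;
    for (size_t i = 0; i + siglen <= len; i++)
        if (memcmp(buf + i, sig, siglen) == 0) return (int)i;
    return -1;
}

/* One sensor rule: returns 1 when a frame to `port` carries `sig` in its TCP payload. */
int inspect_frame(const uint8_t *pkt, size_t caplen, uint16_t port, const char *sig)
{
    const uint8_t *payload; uint16_t dport;
    int plen = tcp_payload(pkt, caplen, &payload, &dport);
    if (plen < 0 || dport != port) return 0;
    return find_pattern(payload, (size_t)plen, (const uint8_t *)sig, strlen(sig)) >= 0;
}

/* Constructed sample frame (not a real capture): Ethernet/IPv4/TCP to port 21, payload "USER root\r\n". */
const uint8_t SAMPLE_FRAME[] = {
    0,1,2,3,4,5, 6,7,8,9,10,11, 0x08,0x00,                         /* Ethernet, type IPv4 */
    0x45,0x00,0x00,0x33, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00, /* IPv4: total len 51, proto 6 */
    10,0,0,1, 10,0,0,2,                                            /* src, dst */
    0x9c,0x40, 0x00,0x15, 0,0,0,1, 0,0,0,1, 0x50,0x18, 0xff,0xff, 0,0, 0,0, /* TCP: dport 21 */
    'U','S','E','R',' ','r','o','o','t','\r','\n'
};
const size_t SAMPLE_LEN = sizeof SAMPLE_FRAME;
```

In the sensor described above this rule would run inside the libpcap callback, with the naive search replaced by the efficient matching algorithms the thesis refers to.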