Investigation Of Intrusion Detection System And Its Design Based On Analyzing TCP/IP Protocol

The IDS is used for intrusion action. By collecting and analyzing the information of key position of network or system, it can find the actions of violating security policy and detecting the traces of being attacked from network or system. The IDS has a lot of intelligence, it correlates artificial intelligence closely. It is the combination of computers science, mathematics and so on. It includes many advanced techniques of current computer field, such as data mining, neural network, etc.Based on analyzing the shortage of IDS, traditional network safety technology and PPDR, an IDS model is described. A new way to integrate protocol analysis and pattern matching is presented, and it is adapted to the architecture of IDS. The total architecture of system is designed. The application of TCP/IP protocol analysis technology is analyzed in detail. The mixed IDS is distributed framework, and it can be central managed too. Also, a design and resolve scheme is offered for every composing part, including scanner, network packet capture, protocols analysis, storage and response technology, and IDS integration with the firewall system. The technique of realizing for some portion is described also.