Network security is a problem that attracts close attention. With the rapid development of the Internet, network intrusions and virus infections are increasing sharply. Traditional firewall technology on its own cannot meet the demands of network security under these circumstances. Intrusion detection technology is a powerful supplement to firewall technology: it can effectively detect not only illegal intrusions from outside but also illegal operations by internal users. The intrusion detection system is a significant part of network security. This paper introduces the research status and development trends of intrusion detection technology at home and abroad, then presents the concept, classification and analysis of intrusion detection in detail. It studies several common pattern matching algorithms carefully and proposes a method that combines pattern matching with protocol analysis. An advanced FBMH (Fast-Boyer-Moore-Horspool) algorithm is proposed based on the BMH (Boyer-Moore-Horspool) algorithm, and the new algorithm is proved to have higher matching efficiency than the original algorithm. An intrusion detection system model based on protocol analysis is proposed. The model is composed of five modules: a packet capture module, a pretreatment module, a protocol analysis module, a rule parsing and detection module, and a response module. Finally, a test bench for intrusion detection based on protocol analysis is built on the Linux operating system, and the test results are analyzed and demonstrated.
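The combination of protocol analysis with pattern matching described above can be illustrated as follows. This is an added example, not code from the paper: it uses the baseline BMH algorithm (the FBMH refinement is not specified in this abstract), and the header decoding, the rule tuple format, the sample rule and the constructed packets are all assumptions.

```python
import struct

def bmh_search(text: bytes, pattern: bytes) -> int:
    """Boyer-Moore-Horspool: offset of the first match, or -1."""
    m, n = len(pattern), len(text)
    if m == 0 or n < m:
        return -1
    # Bad-character table: shift by the distance from a byte's last
    # occurrence in pattern[:-1] to the pattern end; m if it is absent.
    shift = [m] * 256
    for i in range(m - 1):
        shift[pattern[i]] = m - 1 - i
    pos = 0
    while pos <= n - m:
        j = m - 1
        while j >= 0 and text[pos + j] == pattern[j]:  # compare right to left
            j -= 1
        if j < 0:
            return pos
        pos += shift[text[pos + m - 1]]  # keyed on the window's last byte
    return -1

def tcp_payload(packet: bytes):
    """Protocol analysis step: decode IPv4 + TCP, return (dst_port, payload)."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None                      # not IPv4 carrying TCP
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 20:
        return None                      # malformed or truncated header
    total_len = struct.unpack("!H", packet[2:4])[0]
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    data_off = (packet[ihl + 12] >> 4) * 4
    if data_off < 20:
        return None
    return dst_port, packet[ihl + data_off:min(total_len, len(packet))]

def detect(packet: bytes, rules) -> list:
    """Run only the signatures whose port matches the decoded packet."""
    decoded = tcp_payload(packet)
    if decoded is None:
        return []
    dst_port, payload = decoded
    return [msg for port, sig, msg in rules
            if port == dst_port and bmh_search(payload, sig) >= 0]

def build_packet(dst_port: int, payload: bytes, proto: int = 6) -> bytes:
    """Constructed sample packet (documentation addresses, zero checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp + payload

RULES = [(80, b"/etc/passwd", "WEB sensitive file request")]  # hypothetical rule
```

Decoding the headers first means the signature search runs only over the TCP payload of packets bound for the rule's port, so header bytes and unrelated traffic are never scanned.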