Studies On Network Intrusion Detection Technology Based On Protocol Analysis

Posted on: 2007-04-14 | Degree: Master | Type: Thesis
Country: China | Candidate: Y C Liu | Full Text: PDF
GTID: 2178360182491022 | Subject: Systems Engineering
Abstract/Summary:
With the rapid development of the Internet, network intrusion is becoming a serious problem. As a valuable complement to the firewall, the Network Intrusion Detection System (NIDS) is very popular. However, there are still many open problems in this field, such as how to automate the construction of attack rules, how to detect attack variations or unknown attacks, how to resist attacks against the NIDS itself, and how to meet the demand for high-speed detection when it runs on a high-speed network.

In this paper, we evaluate other researchers' work on solving these problems in NIDS. By analyzing a multi-string pattern matching algorithm (MPJBM), this paper describes how to implement it and how to make it work better in order to improve the performance of NIDS. Protocol Analysis detection can flag anomalous traffic, detect some attack variations, and resist attackers' obfuscation attempts. The Protocol Analysis technology includes the Simple Protocol Analysis (SPA) detection method and the STAteful Protocol Analysis (STAPA) detection method. With this technology, a NIDS can detect attacks that are performed in multiple steps, a problem that has been ignored for a long time, and it can also make up for the shortcomings of relying on Pattern Match alone. Finally, we present a NIDS model combining Pattern Match and Protocol Analysis, describe the model's overall structure, explain how some of its modules are implemented, and analyze the advantages of such a model. We also point out some of its shortcomings.

In short, the NIDS model combining Pattern Match and Protocol Analysis that we propose in this paper can improve the detection speed of NIDS, reduce the consumption of system resources, decrease the frequency of false alarms, and obtain an obvious improvement in performance.
Keywords/Search Tags: Network Security, Intrusion Detection, Protocol Analysis, Pattern Match