
Study And Design Of Network Intrusion Detection System Based On Protocol Analysis

Posted on: 2008-02-16
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Song
GTID: 2178360215972128
Subject: Computer software and theory

Abstract/Summary:
An Intrusion Detection System (IDS) is an important part of a network security protection system. As an active security technique, it can detect an attack before it causes any damage and can use the alerting and protection systems to drive out the intrusion, reducing the loss the intrusion causes. After an intrusion, related information can be collected and used as a signature for the protection system. The signature is kept in a signature library so that this kind of intrusion will not happen again. However, as network scale keeps expanding and intrusion methods keep being renewed, the traditional intrusion detection technique based on pattern matching no longer meets the requirements of intrusion detection. Protocol analysis exploits the highly ordered nature of network protocols to detect attack signatures quickly. It addresses the large amount of computation, is fast, precise and efficient, and can satisfy the requirements of high-end intrusion detection.

This paper consists of six chapters, organized as follows:

Chapter 1 introduces the background and significance of the work, the state and direction of research at home and abroad, and the shortcomings and development direction of network intrusion detection systems.

Chapter 2 gives an overview of intrusion detection systems and introduces the steps, principles and classification of network intrusion and the techniques of network intrusion detection.

Chapter 3 first introduces traditional single-pattern and multiple-pattern matching; on that foundation the author proposes a multiple-pattern matching algorithm based on a sequential binary tree. It effectively reduces the number of match operations and improves matching efficiency.

Chapter 4 introduces the TCP/IP protocol model of computer networks and some of the main network protocols in detail, along with the principle and advantages of protocol analysis.

Chapter 5 establishes the framework of a network intrusion detection system based on protocol analysis, which includes a network packet capture module, a preprocessing module, a protocol-analysis-based matching and detection module, a rule parsing module, a data storage module, a response module and so on, and analyzes and designs the main modules in detail.

Chapter 6 summarizes the paper and outlines the next steps of the work.

At present, the traditional intrusion detection technique based on pattern matching has many problems, such as slow matching speed, a high false positive rate and a high false negative rate. First, based on research into the state and direction of IDS development at home and abroad, the author proposes combining pattern matching with protocol analysis, which can effectively reduce false positives and false negatives. Second, based on research into single-pattern and multiple-pattern matching, the author improves the multiple-pattern algorithm and raises matching efficiency. In addition, this paper solves the problem of IP fragment and TCP stream reassembly by using a splay tree structure.

Keywords/Search Tags:Network Security, Intrusion Detection, Pattern matching, Protocol Analysis, Rule Parsing