On The Research And Improvements To The Network Intrusion Detection System-Snort

In resent years, with the rapid development of the information communication throughout the world, while enjoying the resource-sharing resuled from the network and rapid convenience from informinntion communication, we have to face with increasing malicious attact. Therefore, we must make a serious study of the network safety. Since Intrusion Detection System is a positive defence means, it has become an important part in the resent web safety system.Firstly, the paper expatiates the concept, history, sort, and CIDF model of Intrusion Detection, and also introduces the famous open source Network Intrusion Detection System, Snort's working principles, and pattern matching algorithms. In this part the paper puts emphasis on analyzing the rule chain and the rapid rule chain on which the rapid rule matching engine depends.Secendly, aiming at the problem of high rate of dropinging packets in high network flow, the paper proposes the algorithm about Dynamic Self-Adapting Multimedia Data Processing. According to the changes of network flow, this algorithm can automaticlly adjust to the methold of processing multimedia packets, on the condition of not exceeding the rate of drop packets limit. On one hand, it could put the limited detection ability to good use on the dangerous packets; on the other hand, it could effectively reduce the rate of droping packets. According to the results of experiment, this algorithm could reduce the rate of droping packets to about 17%.In order to carry out this algorithm, the paper adds multimedia data identification to Snort, and designs two defferent processing methods on multimedia packets, both of which could let users set the processing of bidirectional or unilateralism data flow by inputing parameter. At the same time these two methods have the function of dynamic adjusting subtype of multimedia and the order of multimedia feature character.At last, the paper has added the function of parsing protocol of DNS and outputing the information of network flow to text file, so the users could directly input the network flow which is output by Snort to DB and Excel to analysize or calculate.