Research On Network Topology Information Technology In The Application Of Network Intrusion Detection System

Posted on: 2009-07-24
Degree: Master
Type: Thesis
Country: China
Candidate: H Guo
Full Text: PDF
GTID: 2178360245986485
Subject: Computer application technology
Abstract/Summary:
As network scale continues to expand and the complexity of hackers' tactics increases ever more quickly, people's demands for network security grow as well. A simple firewall cannot protect against complex and changeable attacks, so intrusion detection technology came into being. Network intrusion detection is a dynamic security protection technology: by monitoring network or system resources, it looks for violations of security policy or signs of attack in order to protect the network system.

Mainstream Intrusion Detection System (IDS) products on the market issue many false positives, which tend to hide real attacks. In tests of IDS products, some products come close to collapse under the burden of false alarms. When a real attack occurs, some IDS products cannot capture it. In others, the report of the real attack is mixed in with the false alarms, where it is easy to miss. The author hopes that this paper can offer some ideas for improving the Network Intrusion Detection System (NIDS) that solve the problems in existing NIDS, so that it can play a greater role.

This paper first researches and analyzes the traditional NIDS architecture in depth and finds that existing NIDS have the following problems:

1. Poor false negative and false positive rates, too much information, and low efficiency.
2. Difficulty in distinguishing the key information among the alerts.

In summary, the fundamental problem of NIDS is "low data effectiveness and lack of pertinence." The cause is that the NIDS knows too little about the network environment in which it is located, and so lacks pertinence. This paper hopes that a NIDS based on passive detection, supplemented by manual input, can discover and become much more aware of the network environment in which it sits and, on that basis, treat its report information in a targeted way, so that it works more effectively.

The paper then introduces research on "passive network feature discovery", which provides theoretical support for improving NIDS. It uses Java to design a web-based Network Topology Information (NTI) acquisition system, which constitutes an NTI analyzer. It uses the method of "recognizing service software and operating system from flag information (banners)" to learn the network topology, and creates an NTI database. The NTI analyzer and database are then applied to the NIDS Snort. The improved NIDS discovers the network topology environment; when faced with an intrusion, it compares the intrusion rule with the characteristic information of the target, judges the validity of the intrusion on that basis, and reflects the result in the alarm information returned to the user.

Finally, the paper analyzes its achievements and remaining problems, summarizes the overall state of the topic, puts forward some ideas that have been considered but not implemented, and looks ahead to future work. In sum, this work analyzes existing NIDS, identifies their fundamental problems, and puts forward and implements some rough ideas for improvement. As an exploration and research effort, it is hoped that it will blaze new trails and play a guiding role.
Keywords/Search Tags: Network Intrusion Detection System (NIDS), Network Topology Information (NTI), false negatives rate, false positives rate
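
The alert-validation idea in the abstract (recognize service software and operating system from banners, store them as NTI, then compare an intrusion rule's target characteristics with the NTI record of the attacked host), shown as an added Python example that is not code from the thesis, which used Java and Snort. The banner patterns, the `target_service`/`target_os` alert fields (hypothetical annotations, not Snort rule options), the sid and the sample hosts are all constructed assumptions.

```python
import re

# Constructed banner signatures: pattern -> (service software, operating system).
SIGNATURES = [
    (re.compile(r"^SSH-2\.0-OpenSSH_\S+ (Debian|Ubuntu)"), ("openssh", "linux")),
    (re.compile(r"Server: Microsoft-IIS/"), ("iis", "windows")),
    (re.compile(r"Server: Apache/\S+ \((Debian|Ubuntu|CentOS)\)"), ("apache", "linux")),
]

def identify(banner):
    """Map an observed banner to (service, os); (None, None) if unrecognized."""
    for pattern, result in SIGNATURES:
        if pattern.search(banner):
            return result
    return (None, None)

def build_nti(observations, manual=None):
    """NTI table {(ip, port): (service, os)}; manual entries override banners."""
    nti = {key: identify(banner) for key, banner in observations.items()}
    nti.update(manual or {})
    return nti

def judge(alert, nti):
    """Compare the rule's target characteristics with the NTI record."""
    service, os_name = nti.get((alert["dst_ip"], alert["dst_port"]), (None, None))
    if service is None and os_name is None:
        return "unverified"  # nothing known about the target: keep the alert as is
    if alert["target_service"] not in (None, service) and service is not None:
        return "not applicable"
    if alert["target_os"] not in (None, os_name) and os_name is not None:
        return "not applicable"
    return "relevant"

# Constructed passive observations (documentation addresses, RFC 5737).
OBSERVED = {
    ("192.0.2.10", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.2.8 (Ubuntu)\r\n",
    ("192.0.2.20", 80): "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n",
    ("192.0.2.30", 80): "HTTP/1.1 200 OK\r\nServer: httpd\r\n",
}

def triage(dst_ip, nti):
    """Judge a constructed alert from a rule annotated as targeting IIS on Windows."""
    alert = {"sid": 1000001, "dst_ip": dst_ip, "dst_port": 80,
             "target_service": "iis", "target_os": "windows"}
    return judge(alert, nti)

if __name__ == "__main__":
    nti = build_nti(OBSERVED)
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, triage(ip, nti))
```

Banners are self-reported and can be changed by an administrator, so a "not applicable" verdict is better used to lower an alert's priority than to discard it.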