Design And Implementation Of NIDS Pattern Matching System Based On MCF52234

The network intrusion detection system (NIDS) can improve the security of the system of network as an important technique. It can capture and analyze the network traffic, find suspicious behavior and respond to the invasion in real time. The pattern matching algorithm identifies attack through searching the attacking characteristics in data packet and is the core technology of the NIDS based on the characteristics. It is the main way in modern intrusion detection technology development that directly achieving advanced software algorithm on the hardware platform. This design uses MCF52234of the Freescale Company as the development platform and10/100M fast Ethernet controller and Flash memory module integrated in ColdFire V2core to design the system of intrusion detection pattern matching.The traditional way to realize the intrusion detection system by the software has many shortcomings, such as costing of operating system resources, depending on the operating system deeply, easy to be hacked, not easy to upgrade, and the expensive hardware prices and the long period of development improve the cost of the system designing. This paper presents the design and implementation of the intrusion detection pattern matching system based on MCF52234. This paper reaches the requirements of pattern matching and realizes the function of the system intrusion detection pattern matching combining improved hash algorithm. At the same time, MCF52234has low power consumption, small volume, low price, stability, reliability and other characteristics, and realizes the generality of the system design, and reduces the system’s research and development costs.In this paper, it designs and realizing the intrusion detection model matching system based on MCF52234hardware platform of Freescale Company. First of all, it designs and develops MCF52234development board, and programs the driver of the Ethernet module and UART module to meet the design requirements of the system hardware platform; Second, it stores the attacking string of the snort rules library in the Flash memory storage of the MCF52234and establishes system rules library to improve the speed of access to data; and the data stored is not easily lost and it’s easy to make rule library online update. Finally, it achieves XOR hash algorithm and pattern matching on MCF52234, detects collected data by Ethernet module, and displays data through serial port.This system can handle1520bytes Ethernet frame data, and detect13bytes attacking string. With the expansion of the Flash memory, the length of the attacking string can be increased to16bytes or more. The speed of the system matching the13bytes by the hash table is20.8μs, and it is higher than other ways.The results show that the system achieves the desired function, has low consumption, high reliability, small volume, portability, with a wide range of applications.