
Improvement Study of Content-Based Intrusion Detection System

Author LiHongXia
Tutor WangXinSheng
School Yanshan University
Course Applied Computer Technology
Keywords Intrusion Detection System; Misuse Detection; String matching algorithm; Rulebase; Protocol analysis; Snort
CLC TP393.08
Type Master's thesis
Year 2006

With the rapid development of information technology, information security has gradually become a key issue for information systems. Intrusion detection, as a proactive information security safeguard, effectively makes up for the shortcomings of traditional security technologies such as access control, firewalls and authentication. Many intrusion detection systems are being studied and used, but as the types and number of intrusions and network bandwidth increase, the accuracy and efficiency of these systems can no longer satisfy people's requirements. In misuse-based intrusion detection systems, matching characteristic strings is the most time-consuming part of the detection process, and the performance of the matching algorithm directly affects the overall efficiency of the intrusion detection system. To address this issue, this paper first describes several classical string matching algorithms and analyzes their scope of application, advantages and disadvantages. On this basis, it proposes an exclusion-based string matching algorithm that can quickly and accurately rule out packets whose payload does not contain a pattern string. At the same time, because detection in a misuse detection system consists of matching the packet payload against the rules in the rule base, the structure of the rule base also has a great influence on detection efficiency. To address this issue, the rule base structure is improved. On the one hand, the rule classification criteria are optimized so that each rule belongs to exactly one rule linked list; on the other hand, taking into account differences in how frequently application services are used, the rules for service ports are placed at the front of the linked list.
To further improve the speed and accuracy of intrusion detection, the paper considers application layer protocol analysis as a way to reduce the length of the packet payload to be inspected, which reduces the burden on the detection system and increases detection accuracy. Using the lightweight network intrusion detection system Snort under the Linux operating system, a series of experiments was carried out, focusing on testing the performance of the string matching algorithm and the improved rule base proposed in this paper. Analysis of the experimental results shows that they agree with the theory and that system performance is markedly improved. The improved intrusion detection system still has some problems and shortcomings; directions and topics for future research are given at the end.
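
The exclusion idea in the abstract, ruling out payloads that cannot contain a pattern before any exact search, is sketched below as an added example; it is not the thesis's algorithm or Snort code. It assumes a filter on 2-byte sequences, which the abstract does not specify, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAP_BYTES (65536 / 8)   /* one bit per possible 2-byte sequence */

/* Record every 2-byte sequence that occurs in the payload. */
static void build_map(const uint8_t *p, size_t n, uint8_t *map) {
    memset(map, 0, MAP_BYTES);
    for (size_t i = 0; i + 1 < n; i++) {
        unsigned k = ((unsigned)p[i] << 8) | p[i + 1];
        map[k >> 3] |= (uint8_t)(1u << (k & 7));
    }
}

/* 0 = pattern certainly absent; 1 = pattern possibly present.
   Patterns shorter than 2 bytes cannot be excluded and return 1. */
static int may_contain(const uint8_t *map, const uint8_t *pat, size_t m) {
    for (size_t i = 0; i + 1 < m; i++) {
        unsigned k = ((unsigned)pat[i] << 8) | pat[i + 1];
        if (!(map[k >> 3] & (1u << (k & 7))))
            return 0;
    }
    return 1;
}

/* Exact confirmation, run only when the filter could not exclude. */
static int exact_search(const uint8_t *p, size_t n, const uint8_t *pat, size_t m) {
    if (m == 0 || m > n) return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(p + i, pat, m) == 0) return 1;
    return 0;
}

/* Match one payload against npats patterns. Returns the number of hits;
   *excluded counts patterns ruled out without an exact search. */
int match_payload(const char *payload, const char *const *pats,
                  size_t npats, size_t *excluded) {
    uint8_t map[MAP_BYTES];
    size_t n = strlen(payload);
    int hits = 0;
    *excluded = 0;
    build_map((const uint8_t *)payload, n, map);   /* built once per packet */
    for (size_t j = 0; j < npats; j++) {
        size_t m = strlen(pats[j]);
        if (!may_contain(map, (const uint8_t *)pats[j], m)) { (*excluded)++; continue; }
        hits += exact_search((const uint8_t *)payload, n, (const uint8_t *)pats[j], m);
    }
    return hits;
}
```

The filter never produces a false negative, but a payload can contain all of a pattern's 2-byte sequences without containing the pattern itself, which is why non-excluded patterns still go through the exact search.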
