Intrusion Detection System is a new generation network security technology over the past decades. It detects whether there is any violation of security policy or attack of hackers via analyze the collected information of each nodes in network. IDS is a comprehensive dynamic security technology, composed with detection, log, alert and response, not only detection any intrusion external action but also monitor internal unauthorized action.

IDS technology in face of two challenges:

1. How to improve detection speed to meet the requirements of network communication.

Processing speed of network devices is always a major bottleneck in network performance. Though IDS work as by-pass method, the synchronization of detection data transmission is still a problem and the missing and false rate will affect the veracity and validity. It will cost much time and system resource, generally, to capture and analyze every packet in network, so, many current IDS can adapt several decades Megabyte. With more and more popular of 100M and even 1000M Ethernet, the technology development of IDS will lagged far behind the development of network.

2. How to reduce the missing and false rate to improve accuracy.

Based on pattern matching, IDS will extract the characters of all intrusion action and save them in its database. Then, distinguish whether the character of captured packets match the data in its database. Therefore, it is a big reason if the characters database can not update immediately with there is new attack method and released vulnerability every day. Most IDS which based on check single packet will not distinguish camouflage or deformation network action and lead to many missing or false alarm because of the shortness in protocol analysis.

In the face of the two challenges in IDS currently, Ax3soft Sax2 reach exactly and efficiently detection via deeply analyze protocols, follow up and revert network conversation, reconstruct TCP/IP stream, sort all cached data and label the train samples, and then submit the train samples to the detect engine. In addition, Ax3soft Sax2 enhanced multi-pattern matching algorithm to improve the detection speed.