中文摘要：

现有的入侵检测系统缺乏对自身安全性的考虑，且系统配置和调试复杂，严重影响了入侵检测技术的应用与发展。为了加强对系统的安全保护，便于系统部署、配置和调试，采用分层的思想，构造了一种基于Snort的分层入侵检测系统，在系统的传感器和服务器间采用防火墙将主动防御和被动防御进行了结合，并采用OpenSSL组件实现端到端的加密传输。实验结果表明，与原始的系统相比，该系统较大程度地提高了系统的安全性。同时，各层次的独立部署和配置，也极大地简化了系统的调试。

英文摘要：

With the rapid development of network technology and the increasingly rich Internet applications, Network security issues become particularly important intrusion detection system as an effective protection technology was proposed. Aiming at the above issue, a Snort-based layered intrusion detection system was designed, in which a fire- wall was adopted between Snort sensor and server combining active defense with passive defense. Also, OpenSSL was adopted to implement end-to-end encryption transmission. The experiment results show that the security of the system is greatly improved comparing with the original system. Meanwhile, it is simplified for administrator to con- figure and debug the system attributing to the independence of system components.