Computer Science ›› 2014, Vol. 41 ›› Issue (4): 159-162.


Research on DDoS Intrusion Detection System Based on Linux High Speed Packet Capturing Platform

LI Zhong-wen, WU Cheng-bin and XU Xiao-chen

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: Achieving wire-speed packet capture, and running security applications on top of it, in gigabit network environments has long been an active research topic. In previous work, we built NACP, a high-speed Gigabit Ethernet packet capture platform, using memory mapping and other methods. On this basis, using the distribution of IP addresses and the use of system resources as detection parameters, we implemented an anti-DDoS intrusion detection system based on the Snort tool. Experiments on NACP show that the improved Snort DDoS intrusion detection tool is compatible with the high-speed packet capture platform, and that DDoS events can be quickly detected and receive an appropriate response on NACP. Because of the use of the high-speed packet capture platform, the system resources occupied by DDoS detection are significantly reduced, which greatly improves system efficiency and lets the system handle other tasks during intrusion detection.

Key words: Gigabit, High-speed packet capture, NAPI, Distributed denial of service attacks, Intrusion detection system

