• Official journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal
Article

A Dynamic Protocol Detection Technique for the Signature Based on Optimizing the Multi-Pattern Matching Algorithms

  • (Yunnan Provincial Key Laboratory for Computer Technology Application, Kunming University of Science and Technology, Kunming 650051, Yunnan, China)
Deng Hui (邓辉, born 1972), female, from Enshi, Hubei, associate professor, research interest: network security; Liang Bo (梁波), master's student; Wang Feng (王锋), professor.

Received date: 2008-08-12

  Revised date: 2008-11-14

  Online published: 2010-03-28

Abstract

Many intrusion detection systems (IDS) rely on protocol-specific analyzers to extract the higher-level semantic context from a traffic stream. To choose the right analyzer, traditional systems rely on well-known port numbers. As a result, many illegitimate connections avoid the standard ports or use tunneling to evade detection by the intrusion detection system. In this paper, we aim to implement dynamic application-protocol analysis that uses packet reassembly to recover the full context of the data stream, so that intrusions using such unconventional means can be detected.

Cite this article

Deng Hui, Liang Bo, Wang Feng. A Dynamic Protocol Detection Technique for the Signature Based on Optimizing the Multi-Pattern Matching Algorithms [J]. Computer Engineering and Science (计算机工程与科学), 2010, 32(4): 36-38. DOI: 10.3969/j.issn.1007130X.2010.