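Thesis title: Research and Implementation of Network-Based Intrusion Detection System
Author:
Advisor: Lü Lintao (吕林涛)
Degree: Master's
Major: Computer Application Technology
Institution: Xi'an University of Technology (西安理工大学)
Pages: 59
File size: 2769K
Date: 2006-03-01
Source: 论文网 http://www.lw23.com/lunwen_228019732/

Keywords: Network Security; IDS; Pattern Matching; Protocol Analysis; Detection Engine

Abstract:

As the Internet becomes increasingly open and network technology develops rapidly, network intrusion techniques have become fairly widespread, and more and more people use hacking tools to attack networks, so the resulting network security problems are growing ever more serious. Traditional static security defenses such as firewalls, identity authentication and data encryption are relatively mature, but they are not sufficient to form a complete security defense system. Intrusion detection technology emerged in response. It discovers intrusions from the traces and patterns of intrusive behavior and makes up for the shortcomings of traditional security technology; it is a dynamic network security system and has become a further line of defense behind the firewall.

After more than 20 years of theoretical development and practical application, intrusion detection technology has made considerable progress; for example, the proposal of the Common Intrusion Detection Framework (CIDF) laid the theoretical foundation for the development of distributed intrusion detection.

This thesis first analyzes the current state of network security, points out the defects and shortcomings of traditional security defense measures, and from there introduces intrusion detection systems. It then presents the history of intrusion detection systems, the commonly used detection techniques and the types of detection systems, and analyzes the coordinated defense architecture of intrusion detection systems and firewalls. On this basis, Chapter 3 describes in detail the implementation principles of a network-based intrusion detection system, gives a system prototype, and completes the design and coding of the core modules of a network-based intrusion detection system (the packet capture module, the detection engine, the response module and the data storage module). The detection engine is implemented using pattern matching combined with protocol analysis.

Finally, the thesis summarizes the research work done and proposes the next steps of research.

Abstract (English original):

With the rapid development of the Internet and related technologies, network-based intrusion techniques have become prevalent. Although a variety of traditional static security defenses, such as firewalls, identification and data encryption, work well, they cannot construct a complete defense architecture. Hence the Intrusion Detection System, a type of dynamic network security system. It has become another line of defense behind the firewall, and it can find intrusions from the traces and regularities of their actions. The Intrusion Detection System has made much progress after two decades of development in both theory and application; the greatest achievement is the Common Intrusion Detection Framework, which has built a foundation for the further evolution of the Distributed Intrusion Detection System. In this paper, we first analyze the current situation in network security, present the defects of traditional network security technology, and then introduce the Intrusion Detection System.

In the following sections, we introduce the history of the Intrusion Detection System, some common detection technologies and the varieties of detection systems. On the basis of the above, in the third section of this paper, we thoroughly discuss the theory of the Network-based Intrusion Detection System. Finally, the author sums up this paper and puts forward the next steps of research.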