Thesis title: Research on an NDIS-Based Intrusion Detection System (基于NDIS的入侵检测系统研究)
English title as listed: Globalization of Culture and Modernization of Chinese Culture
Author: Jing Shoubo (荆守波)
Advisor: Gao Pengxiang (高鹏翔)
Degree: Master's
Major: Management Science and Engineering
Institution: Qingdao University
Pages: 64
File size: 2501k
Date: 2005-05-01
Source: 论文网 http://www.lw23.com/lunwen_684318677/

Keywords: Intrusion Detection System; NDIS; Multiple Pattern Match algorithm

With the arrival of the information age, science and technology are developing rapidly. Computer technology, and network technology in particular, has penetrated every field of society and pervasively influences politics, the economy, culture, the military and social life. Human activities depend more and more on computer networks, and network security has become a focus of common concern for countries around the world.

An Intrusion Detection System is a new type of network security technology. As an important link in information security assurance, it addresses problems that traditional mechanisms such as access control, identity authentication and firewalls cannot solve. As an active means of network defense, it has developed rapidly in recent years.

This thesis first gives a brief introduction to intrusion detection systems, discusses their functions, principles and classification, and analyzes the limitations of traditional intrusion detection systems. It then analyzes the principles of common network attack techniques and gives general methods of defense.

Considering the characteristics of high-speed network environments, and building on the analysis of the limitations of traditional intrusion detection systems, the thesis identifies two main causes of their poor performance. First, the packet capture engine cannot capture packets efficiently and completely. Second, the analysis algorithm used by the analysis engine is not fast enough to meet the demands of a high-speed network environment. To solve this problem, Chapter 4 presents the design and implementation of an NDIS-based packet capture engine, and Chapter 5 presents an improved multiple pattern match algorithm that makes the analysis engine more efficient. Experiments show that this approach clearly improves the performance of the intrusion detection system.