
Design, Implementation And Deployment Of Intrusion Detection System MIL-IDS

Posted on: 2007-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Wang
Full Text: PDF
GTID: 2178360215470201
Subject: Computer technology

Abstract/Summary:
With the development of military network technology, the security problems of military networks have become more and more noticeable. Intrusion attacks, DoS attacks, DDoS attacks, theft of secrets, and so on occur more frequently and pose growing threats to military networks. Although many security techniques exist, such as network firewalls, virus detection systems, and encryption, many services are still attacked because the attacks cannot be detected in time. Because these techniques belong to the category of passive defense, the intrusion detection system has emerged as an active defense system.

First, we summarize network security problems and techniques, focusing mainly on intrusion detection. There are two kinds of intrusion detection techniques: misuse intrusion detection and anomaly intrusion detection. The advantages of anomaly intrusion detection are that it is independent of the system, general-purpose, and able to detect unknown attacks; its weakness is a high false alarm rate. The advantage of misuse intrusion detection is its accuracy. Its weaknesses are strong dependence, poor portability, heavy maintenance work, and an inability to detect unknown attacks.

Using Snort, a lightweight intrusion detection system, as an example, we study its system functions and how to deploy it in a network. Based on this analysis, we design a small military intrusion detection system, the Military Intrusion Detect System (MIL-IDS), that can run on the military network, and describe its architecture and implementation. MIL-IDS collects data quickly and combines protocol analysis with an improved BM string matching algorithm to implement an efficient, exact analysis method. It also offers a simple, understandable interface and detailed logs.
After finishing the implementation, we test the capability and function of the MIL-IDS modules and use some typical attack examples to test each module's applied function. MIL-IDS runs on a PC and protects its security. MIL-IDS can work together with a personal firewall, and together they constitute a dynamic security system that protects the PC more effectively. We verify the system's function by experiments. Finally, we propose a solution for deployment in a large military network.
Keywords/Search Tags:security, network, IDS, snort, MIL-IDS, BM algorithm, military deployment