| With popularization and application of network, network security situation has become increasingly severe. As a key measure of network dynamic defense, Intrusion Detection System (IDS) can detect interior misuse and exterior attacks, and solve problem faced by network security better. But, owing to weakness of traditional technology and improvement of level of attack, IDS must develop continually, too.The subject is a branch of the projec"tactive intrusion protect system". In the paper the main ideal is aim to the technology of evade IDS to proposal a new measure. This paper composes of five parts.After introducing concept and history of IDS in brief, this dissertation lucubrates and analyses the problem that IDS face now. In the second part, we analyzed the weaken of IDS and introduce sorts of the technology of Anti-IDS, In the third part reference in Internet some parts of the code implement the benchmark test tool-Tester. This tool is aim to test the technology of evading IDS by utilizing the weaken of network layer and the transmission layer. And then we test the snort by using the tester and the hacker tool, from the result we find a critical problem faced by a Network Intrusion Detection System (NIDS) is that of ambiguity is the main reason that producing the make false positive and false negative. In the forth part So we present a lightweight solution, Active Mapping, which eliminates TCP/IP-based ambiguity in a NIDS' analysis with minimal runtime cost. The key idea is to acquire sufficient knowledge about the intranet being monitored that, using it, the NIDS can tell which of those packets will arrive at their purported host。Finally, we will utilize the database of active mapping combine with the IDS improve it's the detect accuracy. |
PDF Full Text Request