
For The Campus Network Traffic Anomaly Detection System Design And Implementation

Posted on: 2007-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y Yang
Full Text: PDF
GTID: 2208360185956041
Subject: Computer technology
Abstract/Summary:
With the rapid development of computer networking and of science and technology, the information industry and its applications have expanded greatly, and enterprises (for instance, government, finance and education) and personal users depend on networks more and more. Meanwhile, this technological development has given rise to many hidden information security risks. Network security is receiving increasing public attention and has become a critical issue in protecting network infrastructure and information systems. As an active security defense technology, an intrusion detection system (IDS) can detect and recognize abnormal activities or intrusion events originating outside (or inside) the supervised network (for example, it can recognize misuse, malicious intrusions and unauthorized access). IDSs have now become a good complement to firewalls and a research hotspot in the network security field.

This thesis first introduces the current state of network security and the dominant defensive approaches, and emphasizes the importance of researching and developing intrusion detection systems. Then the concept, classification and popular techniques of intrusion detection are introduced in turn. After that, the common causes of abnormal network traffic are analyzed and corresponding defensive measures are presented. On this basis, a real-time IDS prototype based on network traffic anomaly detection is designed and implemented for monitoring campus network traffic.

The proposed anomaly detection system is designed to monitor the traffic of the whole campus network and consists of five functional modules: a traffic collecting module, a traffic statistics module, an abnormality detecting module, an alert and response module, and a graphical user interface. The main function of the traffic collecting module is to collect network packets efficiently and deliver them to the traffic statistics module for further processing. The WinPcap 3.1 library is used to implement the collecting function in this module. The traffic statistics module parses packet headers and computes statistics over them with respect to a certain time granularity. The purpose of abnormality...
Keywords/Search Tags:Campus Network, Intrusion Detection System, Abnormal Detection, Analysis of time series, Alert and Response