Design And Research Of Intrusion Detection System Based On Linux Host

With the popularization of computer technology,it has greatly changed people's lives and work,and has become the main method for information exchange among all walks of life.However,contrast with it,computer information security research is still backward.Traditional computer security technologies,such as network firewalls,computer data encryption,and resource access control,have gradually exposed their limitations.Information security issues cause widespread concern,more effective measures were urgently needed.As a means of active protection,intrusion detection technology can effectively compensate for the shortcomings of traditional security technologies and provide a multi-level security guarantee for computer systems.This paper first elaborated on the current security situation and the significance of the intrusion detection system,analyzed the status of the intrusion detection system in depth,and introduced the relevant theories and techniques of the intrusion detection system in detail.According to the application scenario,the paper deeply analyzes the requirements of the intrusion detection system based on Linux host,proposes the overall design of the system,and designs the six functions of system data extraction,data transmission,data storage,behavior judgment,model training and interaction management;A method of extracting user shell records based on dynamic link library is proposed,which achieves the collection of audit data in intrusion detection system and reduces the impact of intrusion detection system on the performance and stability of the detected host.The intrusion behavior detection method verifies the feasibility of the method through experiments,and applies the method to the intrusion detection system described in this paper,which improves the accuracy of the intrusion detection system.The intrusion detection system proposed in this paper not only strengthen the security of the system itself,but also reduce the system's performance impact on the original system.This system effectively compensates for the defects of the existing computer security technology,improves the degree of automation and self-adaptation of intrusion detection work,and provides a more effective security protection method for system administrators.