
The Research On Several Problems Of Integrated Network Defense And Intrusion Detection System Technology

Posted on: 2004-10-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Han
Full Text: PDF
GTID: 1118360125463964
Subject: Computer application technology
Abstract/Summary:
With the broad and in-depth application of the Internet, network security has become a focus of attention. The challenge is how to defend against frequent network intrusions and how to deal with emerging attacks. Practitioners have found that they must combine several kinds of security technology to construct a comprehensive and effective defense system. Intrusion detection system (IDS) technology is crucial to integrated network defense: it is an active defense technology that addresses the shortcomings of passive defense technology. Hence, research on integrated network defense and intrusion detection systems is critical to network protection.

At present, research on integrated network defense focuses on two topics: the structure of the system and the integration of its subsystems. Research on intrusion detection systems touches many aspects, such as the framework, defending the IDS itself against attack, detection on high-speed networks, and intelligent detection. Based on a systematic and complete study of the latest research in these fields, this thesis investigates several important problems in depth and makes the following contributions:

(1) This thesis presents an integrated network defense system framework that supports evolution of the system at run time. Using distributed autonomous agents, the framework can build a distributed system. The framework provides a platform for the integration and collaboration of heterogeneous systems, which resolves the problems of pluggable subsystems for presentation, storage, control and communication in a closely coupled system, and it supports evolution at run time. To address the problem of continual system evolution, this thesis presents the V2C architecture and the concept of a message-based evolving system. The architecture is based on the VIM design pattern and message notification, which overcomes the limits of a domain-based framework. V2C has been applied successfully to the integrated network defense framework.

(2) This thesis presents a Common Intrusion Detection Knowledge Self-optimization Frame and a Destruction Defensive framework. The automatic update, exchange, sharing and propagation of intrusion detection knowledge is important to the detection ability of an IDS. The Common Intrusion Detection Knowledge Self-optimization Frame provides different types of IDS with services for the automatic classification, update and propagation of intrusion detection knowledge. When nodes of a system fail, whether through accidents or attacks, the destruction defensive framework provides an effective recovery scheme for the system as a whole. Experiments show satisfactory results.

(3) The thesis presents meta-rule based firewall integrated management. It resolves the security problems of the traditional perimeter firewall and overcomes the respective limits of the firewall farm and the distributed firewall. Meta-rule based firewall configuration provides unified configuration for different types of firewalls, giving the system high extensibility.

(4) This thesis presents a data mining aided automatic signature discovery algorithm for network-based IDS, together with a detection rule creation algorithm. The Signature Apriori algorithm creates a set of candidate signatures from the packets of communications. Using the Signature Apriori algorithm and an association rule algorithm, detection rules are created automatically by the rule creation algorithm.

(5) The thesis presents a complicated signature detection algorithm and an algorithm that automatically creates complicated signature detection rules. It also presents a time-slice based collaborative detection mode that can be applied on high-speed networks. Complicated signature detection improves on the false positive rate of single signature detection, and the thesis gives the algorithm to create the corresponding rules automatically. On high-speed networks under heavy load, the time-slice based collaborative detection mode dramatically improves the ability to detect packets.
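To make contribution (4) concrete, here is an added example (not the thesis's own code; the design is assumed, since the abstract gives no details) of Apriori-style candidate signature mining over packet payloads followed by an association-rule step that keeps only signatures confidently tied to attack traffic. The payloads and labels are constructed sample data.

```python
# Assumed illustrative design (not the thesis's Signature Apriori code): Apriori-style
# candidate-signature mining plus an association-rule filter over packet payloads.

def support(payloads, pattern):
    """Number of payloads containing `pattern` (counted once per payload)."""
    return sum(1 for p in payloads if pattern in p)

def signature_apriori(payloads, min_support, max_len=32):
    """Return (signature, support) pairs for byte strings in >= min_support payloads.
    Level k holds the frequent k-byte strings; a (k+1)-byte candidate is a level-k
    string plus one frequent byte, kept only if its k-byte suffix is frequent
    (Apriori pruning) and it meets min_support. Only "closed" strings survive: a
    string contained in a longer frequent string with the same support is dropped,
    since the longer one is the more specific signature for the same traffic."""
    singles = {bytes([b]) for b in set(b"".join(payloads))}
    singles = {a for a in singles if support(payloads, a) >= min_support}
    level, sup = set(singles), {a: support(payloads, a) for a in singles}
    while level:
        nxt = set()
        for s in level:
            if len(s) >= max_len:
                continue
            for a in singles:
                cand = s + a
                if cand[1:] in level and support(payloads, cand) >= min_support:
                    nxt.add(cand)
                    sup[cand] = support(payloads, cand)
        level = nxt
    closed = [s for s in sup
              if not any(s != t and s in t and sup[t] == sup[s] for t in sup)]
    return sorted((s, sup[s]) for s in closed)

def create_rules(signatures, payloads, labels, min_confidence):
    """Association-rule step: keep 'signature -> attack' when, among payloads that
    contain the signature, the fraction labelled attack (1) >= min_confidence."""
    rules = []
    for sig in signatures:
        hits = [lab for p, lab in zip(payloads, labels) if sig in p]
        if hits and sum(hits) / len(hits) >= min_confidence:
            rules.append((sig, sum(hits) / len(hits)))
    return rules

# Constructed sample: three payloads of one attack pattern (label 1), two benign (0).
PAYLOADS = [b"CMD:RUN:x1", b"CMD:RUN:x2", b"CMD:RUN:x3", b"CMD:GET:x4", b"STAT:x5"]
LABELS = [1, 1, 1, 0, 0]

if __name__ == "__main__":
    sigs = signature_apriori(PAYLOADS, min_support=3)
    print(sigs)  # includes fragments shared with benign traffic, e.g. b"CMD:"
    print(create_rules([s for s, _ in sigs], PAYLOADS, LABELS, min_confidence=0.9))
```

The mining step alone surfaces fragments such as b"CMD:" that benign traffic shares, which is why the confidence filter is needed before a fragment becomes a detection rule.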
Keywords/Search Tags: integrated network defense, intrusion detection, data mining, automatic rule creation.