Network Intrusion Detection System: Analysis And Design

Posted on: 2003-07-01
Degree: Master
Type: Thesis
Country: China
Candidate: L Pei
Full Text: PDF
GTID: 2168360062980796
Subject: Cryptography
Abstract/Summary:
The traditional security model cannot keep up with the rapid development of modern network technology; the PPDR model is a substitute for the traditional security model. As an important part of the PPDR model and an effective supplement to traditional security protection technologies such as firewalls and data encryption, an IDS (Intrusion Detection System) identifies malicious use of host and network resources and provides information for ANTI-DETECTION. An IDS not only detects intrusions by external hackers but also monitors intranet users.

IDS can be divided into two types according to the origin of its data: one is host-based and the other is network-based. Likewise, there are two intrusion detection analysis methods: anomaly detection and misuse detection. Nowadays, the most popular analysis method is misuse detection.

First, the thesis introduces the traditional security model and the PPDR model, and analyzes and compares the differences between the two. The next-generation intrusion detection analysis technology, the protocol analysis method, is also introduced. Second, the author designs and implements a network IDS that adopts protocol analysis and pattern matching. IP fragment reassembly and TCP stream reassembly are analyzed and implemented, and HTTP requests encoded in Unicode are decoded to ASCII. Finally, the author introduces how to describe the characteristics of an attack and uses an improved pattern matching algorithm to perform the matching.

Compared with other programs, this system has high performance, increases the ability to defend against NIDS evasion, and decreases false warnings. The dissertation is significant in helping corporations establish network security systems and implement IDS.
Keywords/Search Tags: TCP stream reassembly, IDS, protocol analysis, pattern match