Study And Implementation Of A Network-Based Intrusion Detection System

Posted on: 2003-10-23
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Cheng
GTID: 2168360065451076
Subject: Computer application technology
Abstract/Summary:
Intrusion detection is a new security technology, distinct from traditional security technologies such as firewalls and data encryption. IDSs watch computers and network traffic for intrusive and suspicious activities. After close study of intrusion detection techniques and the CIDF specifications, we implement an NIDS with basic detection functions in a laboratory environment. The system adopts both misuse detection and anomaly detection, and runs on the Linux platform in cooperation with MySQL. This paper discusses the design and implementation of the anomaly detection of the event analyzer, the event database and the response unit. We design an NIDS architecture model according to the CIDF specifications, and design and implement each component of this system. Chapter one introduces the intrusion detection concept and discusses the classification of IDSs and the research trends of IDS in the world. In chapter two, principles, system architecture, communication specification, CISL and CIDF APIs are discussed in detail. In chapter three, we discuss the design of an NIDS, including the overall design and the function design of each component. Chapter four covers the detailed design and implementation of the anomaly analyzer, the event database and the response unit. The last part of this paper presents the test results of our NIDS.
Keywords/Search Tags:IDS, event generator, event analyzer, event database, response unit