| As more and more mission-critical computers are interconnected to the Internet, people have to be concerned about the problems of network security. While frequent attacking incidents press for solving the problems. This thesis begins with studying attacking technology, including analyzing every stage of an intrusion process and various attacking methods, summarizing the fundamental reasons of various network security incidents and the trend of attacking technology. Afterwards, this thesis put emphasis on studying intrusion detection technology, including introducing the classification of the intrusion detection systems (IDS), analyzing various intrusion detection methods and their advantages and disadvantages, pointing out the limitations of current IDS and the challenges to it, summarizing the trend of intrusion detection technology. In studying the network IDS, this thesis present combining the host knowledge and the network domain knowledge with the networking packets as the data source of the network IDS, this can solving the problem of the network IDS being vulnerable to the insertion attacks and evasion attacks. Another renovation in this thesis is the concept of the detection sub-network. Through partitioning the network to several detection sub-networks, we can distribute the large payload and specialize the function of the detection engine, while this can meet the high-speed network's challenge and increase the speed of the detection engine greatly. Finally, this thesis designs a distributed IDS and implements part of it. In the distributed IDS, the networking detection unit adopts the rule-matching method, while the host detection unit adopts the neural network method. |
PDF Full Text Request