Hacker Attack Detection System

Posted on: 2002-01-05 | Degree: Master | Type: Thesis
Country: China | Candidate: X W Wang | Full Text: PDF
GTID: 2168360092475748 | Subject: Computer software and theory
Abstract/Summary:
With the rapid development of the Internet, the problem of network security becomes more and more important. How to construct a secure network is an important subject. Firewall, cryptography and identity authentication technologies are indispensable, but they are passive in defending against network attacks. Intrusion detection against hackers, by contrast, is active.

First, this paper discusses the characteristics of attacks and the relation between attacks and network security holes. From the attacker's point of view, it studies attack technologies, provides a more reasonable classification of them and analyzes each one. Then it discusses the technology of intrusion detection against hackers and puts forward a general model of an Attack Detection System (ADS). Finally, the paper designs and implements an ADS tool running on the Linux platform, called Guarder. Guarder is network-based, and its intellectual property is entirely its own.

Specifically, the contributions presented in this paper are as follows:

(1) Designs and implements Guarder's model by embodying the ADS model and adopting the latest network security technology. Guarder is comprised of six functional modules: Packet Capturing, Decoding Engine, PreprocessorsHandling, Plugins and Output Engine's initialization, Rule Parsing, Detecting Engine, Output Engine. This ensures that Guarder is a functionally complete ADS. Guarder can now detect 980 kinds of attacks and probes, such as buffer overflows, TCP/UDP port scans, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, DoS attacks, DDoS attacks, DNS attacks, FTP attacks, NIS attacks, and much more.

(2) Adopts the Detecting Engine technology and defines a rule language for describing the characteristics of many kinds of attacks. Users can employ the rule language to describe the characteristics of new attacks and add them to the attack knowledge base, so that Guarder can recognize the new attacks. This makes Guarder easy to extend and upgrade.

(3) Presents an interaction mechanism between the firewall and Guarder. Guarder can modify firewall policies dynamically. The mechanism improves the adaptivity of the firewall.

(4) Designs and implements a Web-based management model for Guarder. Web browsers are used to view the content and types of older and recent attack packets. In addition, the system can be used to classify the attacks. The model helps improve the manager's working efficiency.
Keywords/Search Tags: network security holes, TCP/IP protocols, Attack, Attack Detection System (ADS)