| With development of network, network security become serious increasingly. It is very pressing to protect our information resource with active steps in network security domain. Today, it' s difficult to resist the multiple and changeful intrusions effectively only by the traditional network security devices such as firewall and security router. Although the firewall can deter familiar intrusion means such as protocol implementation hole and address spoofing, it cannot resist intrusions such as Denial of Service and network virus, emerging in endlessly. Especially, actual intrusions come mostly from intranet. But the firewall is incapable for them. It is idealist to avoid completely intrusion events. For network security, presently, it can only try hard to find intrusions and intrusion attempts early in order to take actions to hold back intrusion, repair hole, or restore the system destroyed. That is just Intrusion Detection System' s work. Intrusion detection system, as an active safety precaution technology, detects inter intrusions, external intrusions and user' s misuses in good time, even real time, and responds to intrusions when network system is hurting.First, the last scholarship and application of IDS, including detection means, architecture, etc., were traced and studied in this thesis. Then, aiming at the characters of campus network security and familiar Denial of Services, the network abnormal intrusion detection system based on the monitoring of network' s abnormal flux was advanced.In this thesis, the works have been done as following:(1) I studied and analyzed network security and intrusion detection technology relatively by the numbers.(2) Analyzed and compared the typical intrusion detection systems and intrusion means.(3) Studied the network protocol, technology for realization, etc. relating to intrusion detection system.(4) Advancing a king of network intrusion detection pattern which bases on the monitoring of network' s abnormal flux, with the characters such as monitoring network actions macroscopically, strong retractility and strong expansibility.(5) Having realized the design structure of prototype system partly in practice, combining with the fact of campus network. The prototype system has basic function for intrusion detection now.(6) By training and testing the prototype system in experimental environment, the relative perfect detection ability of prototype system was validated.(7) By monitoring the flux of campus network long-term in some pivotal nodes by the audit producing module developed by myself, I got some original data and accumulated experience for the farther research.Finally, I summarized some betterment of this thesis and analyzed the father research directions and the future of intrusion detection system.
|
PDF Full Text Request