Networking Information Security And Intrusion Detection System

Posted on: 2004-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: X H Huang
GTID: 2168360092490873
Subject: Communication and Information System

Abstract/Summary:
This thesis was written against a background of growing threats to network security: the spread of viruses, frequent attacks on networks by hackers, and the proliferation of hacking software, all of which severely threaten information security. The thesis starts from the TCP/IP protocol, analyzing the protocol's vulnerabilities and the insecurity factors of the Internet that lie behind them. It then analyzes the attack methods commonly used by hackers and puts forward solutions corresponding to different security requirements. Next, the thesis discusses the IDS (Intrusion Detection System), a new kind of security product, in detail: its origin, history, current status, development trend, relationship to other security products, and significance. The last chapter describes the design approach and implementation method of a distributed IDS built on the CIDF framework and based on protocol analysis.

The core of the IDS lies in three points:

First, intelligence. That is, detection should find intrusions that are not in the knowledge database. Only then can an IDS keep up with continuously evolving intrusion methods. This is a hot topic in current research. Many technologies are at the research stage, for example biological immunity, genetic algorithms, neural networks, data mining, and so on, but the mature technology is the statistical method.

Second, real-time operation. With the development of high-speed networks, network throughput has become very large. How to inspect network data packets in real time is also a current focus. In this field, protocol analysis is known as the main approach used.

Last, accuracy: reducing missed alerts and false alerts on intrusions. One of the key issues is the abstraction of intrusion events, which is determined by whether the event description language is powerful or not.

The IDS design in this thesis is based on these three points. An adaptive model of an intrusion analysis engine, which does not exist in current IDS products, is designed to analyze new intrusions and improve the adaptability of the IDS. However, some content has been simplified owing to the current level of technology and the needs of practical application.
Keywords/Search Tags: IDS, Protocol analysis, Model Engine, TCP/IP, Event description language