
Research And Implementation Of Network Intrusion Detection System

Posted on: 2004-12-24
Degree: Master
Type: Thesis
Country: China
Candidate: J A Zhang
GTID: 2168360092990965
Subject: Computer application technology

Abstract/Summary:
With the rapid development of networks, more and more applications are emerging. Many of them, such as e-business, e-government and online trading, are now used in daily life, so network security is becoming more and more important. Network attackers steal other people's private information, attack other people's computer systems and even commit crimes over the network. We must therefore protect the network with appropriate measures.

Considering the current state of network security, the paper points out that the traditional security model cannot keep up with the trends in network security. The prevailing network security model is based on PPDR, which is made up of four parts: policy, protection, detection and response. Intrusion detection technology is an important part of the PPDR model. It can identify malicious intent and actions and respond to them in time.

According to their data sources, current intrusion detection systems can be classified as host-based or network-based; according to their detection modes, they can be classified as anomaly-based or misuse-based. The paper discusses two standards for intrusion detection, CIDF and IDWG, and their development trends.

The paper gives a software implementation of an intrusion detection system under Linux. It implements the packet capture program and explains rule-based detection on the basis of an analysis of intrusion behaviors. The implementation also includes protocol data decoding, IP fragment reassembly, TCP stream reassembly and HTTP decoding. The rule detection module, which adopts a faster matching algorithm to increase the system's performance, calls the response program when an intrusion is detected. Finally, in light of development trends, the paper describes the system's migration goals.
Keywords/Search Tags:network security, intrusion detection, protocol analysis, pattern matching, packet capture