Design Of Distributed Intrusion Detection System

Posted on: 2004-07-20 | Degree: Master | Type: Thesis
Country: China | Candidate: D H Tang | Full Text: PDF
GTID: 2168360092990969 | Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer and communication technology, the traditional security model no longer meets the needs of network security. Therefore, a dynamic security model, the P2DR model, was developed. The intrusion detection system (IDS) is a very important part of the P2DR model. According to the means of detecting intrusions, IDSs can be divided into signature-based detection and anomaly detection; signature-based IDS is also called misuse IDS. According to deployment and data source, IDSs are also divided into network-based and host-based detection. Each has its advantages and disadvantages. Today's commercial IDS products have evolved to the third generation; most of them use protocol analysis and command parsing technology. They belong to misuse IDS.

First, this thesis introduces the history of IDS and analyses the development of today's IDS. Second, a new distributed IDS model is put forward, and its functional modules are designed. Finally, some experiments are designed for this distributed IDS model. This model uses not only misuse but also anomaly detection technology, and in deployment the host-based subsystem cooperates with the network-based subsystem. In the distributed IDS model, modules run concurrently and cooperate with each other. The network subsystem mainly uses signature-based detection and the host subsystem mainly uses anomaly detection. Once an intrusion is detected, the response module, in cooperation with Iptables, is put into effect. In this thesis, a new way is designed to protect servers from SYN flooding attacks. In this approach, the first SYN request is processed with a delay.
Keywords/Search Tags:network security, distributed intrusion detection, misuse detection, anomaly detection, SYN_FLOOD