
Study On Intrusion Detection System For Enterprise Lan

Posted on: 2005-12-11
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Gong
Full Text: PDF
GTID: 2168360125968060
Subject: Computer application technology
Abstract/Summary:
Society's increasing reliance on networked information systems to support critical infrastructure has prompted interest in making those systems survivable, so that they continue to perform critical functions even in the presence of vulnerabilities exposed to malicious attacks. To enable vulnerable systems to survive attacks, the attacks must be detected before they damage the system by impacting functionality, performance or security. This paper discusses the network security of modern enterprises and realizes an intrusion detection system based on the theory of monitoring system resources. Intrusion detection is an important technology in the business sector as well as an active area of research. Intrusion detection systems are needed because firewalls cannot provide complete protection against intrusion. A major advantage of an IDS is its ability to detect unknown attacks by examining audit data collected from a system. There are two main kinds of IDS, host-based IDS and network-based IDS, each with its pluses and minuses. A more comprehensive solution, a resource-based intrusion detection system that combines these two methods, is put forward according to the characteristics of the enterprise.

In section four the implementation of a network-based IDS is presented, which encapsulates Snort, a lightweight open-source NIDS. An important problem, sniffing switched networks, has been solved. Communication among the NIDS modules follows the CIDF criterion. Testing indicates that the system works well.

In section five a host-based IDS for Windows 2000 is realized. This module incorporates system-call anomaly detection modeling methods and monitors file system and Registry accesses. The system-call monitoring takes pH (process Homeostasis), a Linux 2.2 kernel extension, as its prototype. pH detects unusual program behavior and responds by slowing that behavior down, so it detects anomalies with a low rate of false positives. The function of this module has also been verified in testing. In section six the test results show that the purpose of the research is achieved. Finally, this paper discusses the issues surrounding the IDS and future solutions.
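The pH-style system-call monitoring the abstract describes (profile a program's normal behavior, flag call sequences never seen before, and slow the offending process down rather than kill it) can be sketched in user-space Python. This is an added example, not the thesis's Windows 2000 module or pH's kernel code; the lookahead-pair profile, the 128-call locality frame and the delay that grows with recent anomalies follow pH's published design, while the window size, the delay cap and the `open/read/write/close` traces are constructed for the demo.

```python
from collections import defaultdict, deque

WINDOW = 6       # lookahead window, offsets 1..5 (demo assumption, not pH's default)
LOCALITY = 128   # locality frame: anomalies are counted over the last 128 calls

class PHProfile:
    """Per-program profile of normal system-call lookahead pairs, as in pH."""
    def __init__(self, window=WINDOW):
        self.window = window
        self.pairs = defaultdict(set)   # (offset j, call i-j) -> calls seen at position i

    def train(self, trace):
        for i, call in enumerate(trace):
            for j in range(1, min(self.window, i + 1)):
                self.pairs[(j, trace[i - j])].add(call)

    def is_anomalous(self, history, call):
        """A call is anomalous if any lookahead pair was never seen in training."""
        return any(call not in self.pairs[(j, history[-j])]
                   for j in range(1, min(self.window, len(history) + 1)))

class PHMonitor:
    """Scores a live trace and turns recent anomalies into a pH-style delay."""
    def __init__(self, profile, locality=LOCALITY, delay_cap=10):
        self.profile = profile
        self.history = deque(maxlen=profile.window - 1)
        self.recent = deque(maxlen=locality)   # 1 per anomalous call, else 0
        self.delay_cap = delay_cap             # bound on the delay exponent (assumption)

    def observe(self, call):
        """Return (anomalous, delay) for one call; the delay doubles per recent anomaly."""
        anomalous = self.profile.is_anomalous(list(self.history), call)
        self.recent.append(1 if anomalous else 0)
        self.history.append(call)
        lfc = sum(self.recent)                 # locality frame count
        return anomalous, (1 << min(lfc, self.delay_cap)) if lfc else 0

    def run(self, trace):
        """Return (number of anomalous calls, largest delay imposed) over a trace."""
        results = [self.observe(c) for c in trace]
        return sum(a for a, _ in results), max(d for _, d in results)
# Constructed traces: a well-behaved file loop, and the same loop with an unseen
# socket/connect sequence spliced in, standing in for a misbehaving process.
CYCLE = ["open", "read", "read", "write", "close"]
TRAINING = CYCLE * 20
SUSPECT = CYCLE * 2 + ["open", "read", "socket", "connect", "write", "close"] + CYCLE
def demo():
    profile = PHProfile()
    profile.train(TRAINING)
    return PHMonitor(profile).run(CYCLE * 3), PHMonitor(profile).run(SUSPECT)
```

The clean trace produces no anomalies and no delay, while the spliced-in sequence is flagged on the unseen calls and on the calls that follow them until the window has moved past it, and the delay climbs with each anomaly inside the locality frame.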
Keywords/Search Tags: IDS, System Call, Enterprise Lan, Resources Monitoring, CIDF