The Design And Realization Of Network Manage System (NNSMS)

Posted on: 2005-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: L Yang
Full Text: PDF
GTID: 2168360152455530
Subject: Computer application technology
Abstract/Summary:
With the rapid spread of network technology and its applications, the state of network security is becoming more and more worrying, and computer networks still face many kinds of attack threats. As the importance of network security has become apparent, network security technologies of all kinds have been developed continuously. Technologies such as password authentication, security audit, firewalls and encryption are all static defensive technologies. It is difficult to protect a network by relying on these technologies alone, and network security is incomplete without an active system for monitoring and tracking intrusions. A network security monitoring system, by contrast, can monitor the security events occurring in the network and the security holes existing in it actively and in real time. Combining the network security monitoring system with intrusion detection technology protects the network more effectively, and it allows a corresponding response to security events in the protected network according to the detection results. Therefore, drawing together the security detection technologies popular today, we put forward a network security monitoring model based on a network intrusion detection system and discuss its implementation in detail.

The model of the network security monitoring system discussed in the thesis uses intrusion detection as its main method and adopts real-time NIDS technology. The model has a hierarchical structure, and the whole system is divided into four levels: data collecting, data processing, detection matching and alert processing.

In its implementation, the system adopts a distributed structure and is composed of the following components: main controller, collector, analyzer, storage, detector and response. Communication between components is carried out through the relevant interfaces. The whole system has good adaptability and extensibility and performs well in real time. The design and implementation of every component is introduced in detail in the paper, and the key issues are discussed. Data collection for detection is performed by the collector. Because the collected data is network-based, it is collected by capturing data packets from the Internet through the network card. The main work of the analyzer is done by a packet analysis thread: when data arrives in the buffer, the thread analyzes the data in the buffer. The main task of storage is to write the original network data to the initial database for intrusion identification and, at the same time, to write the analysis results to the analysis database for analysis of the security rules. The detection component combines protocol analysis with pattern matching, which reduces the matching range of the targets and improves detection speed. We also improve the matching algorithm, which gives the system better real-time capability. When the security rules database is updated, the system updates the rules used in matching in time, which reduces the system's false alarms and failures to report and, finally, improves the detection accuracy of the whole system. Other problems are also discussed in the thesis.
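
The combination of protocol analysis and pattern matching described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the rule names, patterns, ports and packets are constructed for illustration, and IP fragmentation and TCP stream reassembly are not handled.

```python
import struct

# Hypothetical rule base (not from the thesis), grouped by (IP protocol, destination port).
RULES = {
    (6, 80): [("http-passwd-read", b"/etc/passwd"), ("http-cmd-exe", b"cmd.exe")],
    (6, 21): [("ftp-root-login", b"USER root")],
    (17, 53): [("dns-version-probe", b"\x07version\x04bind")],
}
MIN_L4 = {6: 20, 17: 8}  # minimum TCP / UDP header length in bytes

def build_packet(proto, dport, payload, sport=40000):
    """Construct a minimal IPv4 packet as sample input (checksums left at zero)."""
    if proto == 6:  # TCP, data offset of 5 words, PSH+ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:           # UDP
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + l4 + payload

def decode(packet):
    """Protocol analysis: (proto, dport, payload), or None if the packet is malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        return None
    proto, l4 = packet[9], packet[(packet[0] & 0x0F) * 4:]
    need = MIN_L4.get(proto)
    if need is None or len(l4) < need:
        return None
    hdr = (l4[12] >> 4) * 4 if proto == 6 else 8
    if hdr < need or hdr > len(l4):
        return None
    return proto, struct.unpack("!H", l4[2:4])[0], l4[hdr:]

def detect(packet):
    """Try only the rule group chosen by protocol analysis, on the payload only."""
    decoded = decode(packet)
    if decoded is None:
        return [], 0
    group = RULES.get(decoded[:2], [])
    return [name for name, pat in group if pat in decoded[2]], len(group)

def detect_naive(packet):
    """Baseline: every pattern against the whole raw packet."""
    every = [rule for group in RULES.values() for rule in group]
    return [name for name, pat in every if pat in packet], len(every)

# Constructed sample packets.
HTTP_PKT = build_packet(6, 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n")
FTP_PKT = build_packet(6, 21, b"RETR cmd.exe\r\n")
```

Each function returns the alerts raised and the number of patterns tried, so `detect` and `detect_naive` can be compared on the same packet to see how far decoding the protocol first narrows the matching range.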
Keywords/Search Tags: network security, security monitoring, intrusion detection, pattern matching