| When more and more web-station was intruded and attacked by hackers, traditional security technology, such as firewall, had not been able to deal them with. Network Intrusion Detection System(NIDS) is paid more attention to by people recently. On the basis of system's inforamtion and ,at the same time, dealing with this information, NIDS aims at looking for the action that infracts some security policy and the object that is attacked. This is a dynamic security technique and consists of detection, log, alert and response. This technique can not only detect external intrusion but also supervise internal investitive activity.This paper discusses a design and implementation of NIDS named JFCSR-NIDS which based on network. In this system, we have a deep research on the basal problem of NIDS, design a rule describing language which could describe intrusion character and complete packet capture, protocol decoding, protocol analysis, rule dealing, pattern matching, intrusion response and logging etc. In a word, this system now have the basal function of NIDS. As a key research, from improving today's NIDS performance, we put forward an intrustion detection module which combined with attack character pattern matching and protocol analysis. This paper present an improved pattern matching algorithm, after analyzing many common matching algorithm. On the other hand, we resolve ip-fragment problem by using link structure, expand the performance of intrusion detection to application layer of tcp/ip network by analyzing HTTP protocol and take many modes of security response which can make network administrators discove intrusion action quickly. Finaly, the author sums up this paper and put forward the next work.
|
PDF Full Text Request