| With the development of network, network security is becoming more important: Manysecurity technologies have been used in network security fields. But most security measuresbelong to passive defense and are lack of positive safeguard.Intrusion detection is a rising technology of network security system and a positivedefensive technology. It becomes the focus of computer and network security experts' attention .It can detect network security leaks on timely, response quickly, enhance network security, andmake intrusion more difficult.In this paper, we introduce the Intrusion Detection System in the following aspects such as intrusion detection model, detection theory and detection techniques. And we study the theory of TCP/IP stack fingerprint. After these researches, we provide an Intrusion Detection Technique based on Feedback of the victim computer. This technique decreases the false alarm (positive) rate obviously. The theory is of this technique is that after find an attack, the ids doesn't alarm immediately but only register the attck. And the ids wait for the feedback to this attck of the victim computer. After receive the feedback or the time given beforehand is out, the alarm is raised.We design the technique in this paper. It uses two detection techniques: misuse technique and technique. It is implemented on the basis of Snort which is a famous IDS.Finally, some features unimplemented and some problems for further study have been addressed in the last portion of dissertation. |
PDF Full Text Request