| It is one of the hot research fields in IDS and new applying way that use IDS collecting electronic evidence while illegal intrusion and malicious behaviour was detected. Based on the reaserch of Intrusion methods and Intrusion process that hacker used and on the guidance of the P2DR model, this paper put emphasis on the reaserch of IDS and protocol analysis tcchnology. Based On the architecture of IDS and combined with protocol analysis and pattern matching technology, this paper also designed a model of protocol analysis based NIDS and computer forensics system, which used in online intrusion detection and offline forensics. This paper introduced the architecture of the model, discussed characteristic and unresolved problems. The paper introduced the realization of various modules of the system, including data collection module, data pretreating module, intrusion detection module, analyzing and finding module. It proved to be a feasible system and can fulfil the needs of IDS and forensics system.
|
PDF Full Text Request