
IDS Based On State Transition Tech On Linux OS

Posted on: 2006-08-17
Degree: Master
Type: Thesis
Country: China
Candidate: S F Li
Full Text: PDF
GTID: 2168360155457973
Subject: Computer applications
Abstract/Summary:
This paper first describes the IDS module based on state-transition technology, analyzing its differences from and connections with other IDS systems, especially those based on the traditional signature-matching approach. It then discusses the principle, mechanism and implementation, and analyzes the dependencies among the parts that make up the system. By localizing the basic configuration of a single IDS, the control part is centralized on a single platform, which can generate profiles according to each sensor's practical needs. Based on research on STAT technology, this paper implements the following parts:
1. It analyzes the main approaches used to attack the web server, and implements an IDS that can detect activity that violates access control rules, buffer overflows, and repeated access failures.
2. The web IDS can combine its response module with the new Linux firewall netfilter/iptables, so that the firewall's rules can easily be set at runtime; this paper discusses the method, using bash shell scripts.
Keywords/Search Tags: STAT framework, Scenario, Language Extension, State & Transition, Firewall Linkage