| Nowadays Internet has developed greatly while the network security problem becomes more important. The main threat of the Internet security is that the information system was broken in through the network. Intrusion Detection System (IDS) acts as the effective complement to traditional protection techniques. At the same time, intrusion technique and means have been developed and changed greatly. So protecting computer system, the Internet system and the security of all information establishments have become an urgent problem without time to delay.The hacker uses a lot of tools and means to hack a target PC, this paper mainly research DoS attack (Denial of Service Attack). Hacker scans port of the target, based the TCP/IP protocol. Typical TCP port scanner sends a packet with SYN signal. If the port is open, the target PC will return a packet with SYN/ACK, otherwise it will return a packet with SYN/RST or no return. The port scanner does not directly attack the target, but collects the information of the target, finds out its weakness, and makes the next decision.IDS listen to the network, analyses the packet, judges whether it is intrusion and needs to send alarm signal. This paper uses anomaly intrusion detect technique, first will found a modal of normal user, and compare with its stander. If the comparison result exceeds the threshold predefined, IDS will send alarm.After analyzing the main modes of the IDS currently, the author gives readers IDS based Common Vulnerabilities & Exposures. The author also describes the architecture and their functions and the design and the implement of the software on the duplicated fault tolerance. The mainly modules include data collection, data pretreatment, intrusion detection, and alarm. Base of a normal action model, the author gives a anomaly IDS. It improves the efficiency and veracity. |
PDF Full Text Request