Study And About Intrusion Detection System On The Basis Of Protocol Analysis

The military information network of our army has been highly effective by developed for about ten years, it is the requirement of information war to realize the information and automatization of the battle notes such as battle control , weapon equipment and the battle ensurence, which engendered the security problem of information network.The protocol analyses that is a relatively advanced information detection technique at present to proceed from the peculiar regularity of network communication protocol.It has overcome some fundamental defects of the traditional pattern match technology,and it is a research focus in the Intrusion Detection field.This thesis made a study on Network Intrusion Detection by the protocol analyses technology.According to the reality of invasions in the LAN,the thesis made a Intrusion Detection System which detects the acts of invading what appear relatively frequently in the LAN on the basis of the protocol analysis technology.This thesis realized the part of data collection of Intrusion Detection System by the network monitor technology in the environment of Ethernet,and carried out the part of information detection by the protocol analysis technology.and achieved the part of dealing with the result by giving the alarm.There are two kinds of invading and attacking action in this thesis.they are the model of using HTTP,and the model of using TCP.In the invading and attacking actions of using HTTP,the targets studied are the URL address cheating actions of using and reusing HEX code.In the invading and attacking actions of using TCP,the targets are the actions of TCP SYN Scanning and TCP SYN Flooding.The results show that:(1)In the invasion activities of hacker's utilizing HTTP,the address cheating behavior is general for it can avoid the detection of IDS.But this kind of invasion cannot avoid the detection of IDS using the protocol analysis technology.(2)In the invasion activities of hacker's using TCP,the actions about scanning and Denial of Service utilizing the three-handshake protocol are general.The characteristics of the actions are dynamic for its lie on a series of packets from beginning to end. So the IDS using the traditional pattern match technology cannot detect these actions effectively,but the IDS using the protocol analysis technology can...