
Biological Immune Theory And Its Application Research In IDS

Posted on: 2007-08-07
Degree: Master
Type: Thesis
Country: China
Candidate: D L Zhang
Full Text: PDF
GTID: 2178360182480813
Subject: Communication and Information System

Abstract/Summary:
Network security is a systematic concept, and an effective security strategy or scheme is its primary goal. Network security technology mainly comprises authentication, data encryption, access control and security auditing. Intrusion detection is one of the key technologies of security auditing and an important component of network security: it provides real-time protection against attacks from inside and outside the network and against misoperation, it monitors the network without affecting the network's performance, and it improves the integrity of the network information security infrastructure.

Traditional prevention measures such as firewalls are static security technologies. To a certain extent they are unable to respond actively to ever-changing attack methods and so cannot meet ever-rising security requirements, which led to the emergence of the IDS (Intrusion Detection System) as a field of security research. Traditional IDS suffer from all sorts of defects, such as false acceptance (missed intrusions), false alarms, and failure to detect newly emerging intrusions. The human immune system (HIDS, Human Immune Detection System), on the other hand, protects the body from pathogens such as bacteria and viruses and, beyond the advantages mentioned above, also exhibits distributed protection, diversity, self-organisation and robustness. This striking similarity to the function and characteristics of an IDS has attracted great attention, and building IDS by drawing lessons from biological immunity has become a research focus.

In this dissertation I introduce the background of the work, the biological immune system and the classification of viruses, and conduct in-depth research on the overall design of the IDS, network data collection, feature abstraction, detector generation, and matching rules for virus packets. I propose an improvement to the distributed mature-detector generation algorithm. Finally I carry out a comparative simulation of the algorithms using Snort and three attack emulations, and obtain satisfactory results.

The rule component draws on the classic Snort rule description language, which is simple, flexible, easy to extend and powerful, and can describe most intrusion activities. The data collection module uses the WinPcap development package, which is designed specifically for data-monitoring applications, to capture packets. The BPF (Berkeley Packet Filter) mechanism and the many interfaces implemented in the kernel layer of this package not only improve monitoring efficiency but also reduce development difficulty. WinPcap is ported from libpcap on the UNIX platform and shares the same interface, which eases the development of network agents across platforms. Although there is still a long gap between research results and a real applicable product, through the design and implementation of the system it is equipped with the basic IDS functions...
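The detector generation and matching the abstract describes follow the negative-selection model of artificial immune systems: random candidate detectors are discarded if they match any "self" (normal) sample, and the survivors (mature detectors) flag anything they match as non-self. The following is an added illustration in Python, not the thesis's own code (which used Snort-style rules and WinPcap); the 24-bit feature encoding, the r = 10 contiguous-bit threshold, the 40-detector count and the self profile are constructed assumptions.

```python
import random

R = 10        # r-contiguous match threshold (assumed, not from the thesis)
LENGTH = 24   # bits per encoded sample (8-bit protocol + 16-bit port)


def encode(proto: int, dport: int) -> str:
    """Constructed feature abstraction: IP protocol number and destination port."""
    return f"{proto & 0xFF:08b}{dport & 0xFFFF:016b}"


def r_contiguous_match(a: str, b: str, r: int) -> bool:
    """Immune-style matching: True if a and b agree on >= r contiguous positions."""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False


def generate_detectors(self_set, length, r, count, seed=0, max_attempts=100000):
    """Negative selection: a random candidate matures only if it matches no self
    string. Stops after max_attempts so a dense self set cannot hang generation."""
    rng = random.Random(seed)
    detectors = []
    attempts = 0
    while len(detectors) < count and attempts < max_attempts:
        attempts += 1
        cand = format(rng.getrandbits(length), f"0{length}b")
        if not any(r_contiguous_match(cand, s, r) for s in self_set):
            detectors.append(cand)
    return detectors


def is_anomalous(sample: str, detectors, r: int) -> bool:
    """A sample that any mature detector matches is classified as non-self."""
    return any(r_contiguous_match(sample, d, r) for d in detectors)


# Constructed self profile: normal traffic is only HTTP, HTTPS and DNS.
SELF_SET = [encode(6, 80), encode(6, 443), encode(17, 53)]

if __name__ == "__main__":
    dets = generate_detectors(SELF_SET, LENGTH, R, 40, seed=7)
    print(f"{len(dets)} mature detectors")
    for proto, port in [(6, 80), (17, 53), (6, 4444), (17, 31337)]:
        verdict = "anomalous" if is_anomalous(encode(proto, port), dets, R) else "self"
        print(f"proto={proto} dport={port}: {verdict}")
```

Because every mature detector was censored against the self set, a sample in the self profile can never raise a false alarm; misses on genuinely non-self traffic (false acceptance) depend on how many detectors are kept and on r, which is the coverage trade-off the mature-detector generation algorithm has to manage.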
Keywords/Search Tags: IDS, detector, false acceptance, false alarm, immunity principle