With the construction of the third phase of the "Golden Tax" Project, the scope of the "Golden Tax" network is expanding and its functions are growing. Single security measures cannot meet the security requirements of the developing "Golden Tax" network, and passive defence measures, represented by firewalls, show obvious shortcomings. As the second line of defence, an Intrusion Detection System (IDS) can effectively make up for the shortcomings of firewalls and provides active defence.

This article starts from the current state of "Golden Tax" network security, analyzes the various steps of an intrusion process and the various network security technologies, and introduces a general network security solution, with emphasis on research into intrusion detection technology: it introduces the basic principles and categories of IDS methods, analyzes the merits and drawbacks of each detection method, summarizes the problems and challenges of present IDSs, and designs and implements a distributed IDS for the "Golden Tax" network, based on the practice of the tax system and adopting general detection methods. The network detection unit of the system model adopts a signature-matching detection method, while the host detection part adopts a neural-network-based anomaly detection method. The design combines host-based and network-based intrusion detection, and signature detection and anomaly detection, so that each compensates for the weaknesses of the other; the goal is to avoid or reduce hidden security risks inside and outside the revenue system as much as possible.

The distributed IDS designed in this article targets the city and bureau level of the "Golden Tax" network. The network detection unit has been tested with the Stick tool. The test results are: the network detection unit could detect the 568 kinds of attacks in the rule set, and the system did not collapse under the indiscriminate bombardment of Stick.

The designed IDS meets the detection requirements well, achieves the design goals, and is practical in use.
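The abstract describes a two-tier architecture: a network unit that matches traffic against a signature rule set and a host unit that flags anomalous host behaviour, with both feeding alerts to a central console. The following Python example is added here to make that structure concrete; it is not code from the thesis. The rule set, packets, host metrics, host name `tax-db-01` and sensor ids are all constructed for the example, and the thesis's neural-network anomaly detector is replaced by a per-feature z-score against a baseline window, the simplest anomaly model that still shows how a learned baseline turns a burst of failed logins into an alert.

```python
"""Toy model of a distributed IDS: signature-matching network unit,
baseline-based host anomaly unit, and a console that groups their alerts."""
from __future__ import annotations
from dataclasses import dataclass
import math
import re


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: re.Pattern  # content pattern; constructed, not a real Snort rule


@dataclass(frozen=True)
class Alert:
    source: str   # "net" or "host"
    sensor: str   # hypothetical sensor id
    subject: str  # flow "src->dst" or host name
    detail: str


# Constructed rule set (a real unit would load hundreds of Snort-style rules).
RULES = [
    Signature(1001, "web: directory traversal", re.compile(r"\.\./\.\./")),
    Signature(1002, "web: shell metacharacter in URI", re.compile(r"[;|`]")),
    Signature(1003, "sql: UNION SELECT in query", re.compile(r"union\s+select", re.I)),
]


def network_unit(sensor: str, packets: list[dict]) -> list[Alert]:
    """Match every packet payload against every rule; one alert per hit."""
    alerts = []
    for pkt in packets:
        for rule in RULES:
            if rule.pattern.search(pkt["payload"]):
                flow = f'{pkt["src"]}->{pkt["dst"]}'
                alerts.append(Alert("net", sensor, flow, f"SID {rule.sid} {rule.name}"))
    return alerts


# Host unit: z-score against a baseline window stands in for the neural network.
FEATURES = ("logins_per_min", "failed_logins", "cpu_pct")


def baseline(history: list[dict]) -> dict[str, tuple[float, float]]:
    """Mean and population standard deviation of each feature over the window."""
    stats = {}
    for f in FEATURES:
        vals = [h[f] for h in history]
        mean = sum(vals) / len(vals)
        var = sum((v - mean) ** 2 for v in vals) / len(vals)
        stats[f] = (mean, math.sqrt(var))
    return stats


def anomaly_score(sample: dict, stats: dict) -> float:
    """Largest absolute z-score across features; a constant feature that
    changes at all is treated as maximally anomalous."""
    worst = 0.0
    for f, (mean, sd) in stats.items():
        if sd > 0:
            z = abs(sample[f] - mean) / sd
        else:
            z = 0.0 if sample[f] == mean else float("inf")
        worst = max(worst, z)
    return worst


def host_unit(sensor: str, history: list[dict], samples: list[dict],
              threshold: float = 3.0) -> list[Alert]:
    """Alert on any sample whose worst-feature z-score exceeds the threshold."""
    stats = baseline(history)
    alerts = []
    for s in samples:
        score = anomaly_score(s, stats)
        if score > threshold:
            alerts.append(Alert("host", sensor, s["host"],
                                f"anomaly score {score:.1f} > {threshold}"))
    return alerts


def console(alerts: list[Alert]) -> dict[str, list[Alert]]:
    """Central console: group alerts by subject so an analyst sees all
    evidence about one flow or host together."""
    grouped: dict[str, list[Alert]] = {}
    for a in alerts:
        grouped.setdefault(a.subject, []).append(a)
    return grouped


# Constructed sample input: three packets and a short host metric window.
PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.1.10", "payload": "GET /index.html HTTP/1.0"},
    {"src": "10.0.0.7", "dst": "10.0.1.10", "payload": "GET /cgi-bin/../../etc/passwd HTTP/1.0"},
    {"src": "10.0.0.7", "dst": "10.0.1.11", "payload": "id=1 UNION SELECT user,pass FROM t"},
]
HOST_HISTORY = [  # five "normal" minutes used to learn the baseline
    {"logins_per_min": 3, "failed_logins": 0, "cpu_pct": 20},
    {"logins_per_min": 4, "failed_logins": 1, "cpu_pct": 25},
    {"logins_per_min": 2, "failed_logins": 0, "cpu_pct": 18},
    {"logins_per_min": 5, "failed_logins": 1, "cpu_pct": 22},
    {"logins_per_min": 3, "failed_logins": 0, "cpu_pct": 21},
]
SAMPLES = [
    {"host": "tax-db-01", "logins_per_min": 4, "failed_logins": 1, "cpu_pct": 23},
    {"host": "tax-db-01", "logins_per_min": 3, "failed_logins": 40, "cpu_pct": 24},
]


def run():
    """Run both units over the constructed input and merge at the console."""
    net = network_unit("net-sensor-A", PACKETS)
    host = host_unit("host-agent-tax-db-01", HOST_HISTORY, SAMPLES)
    return net, host, console(net + host)


if __name__ == "__main__":
    for subject, alerts in run()[2].items():
        for a in alerts:
            print(f"[{a.source}] {subject}: {a.detail}")
```

On this input the network unit raises two alerts (SIDs 1001 and 1003 for the two payloads from 10.0.0.7, nothing for the plain page request) and the host unit raises one: the second sample's 40 failed logins sits roughly 80 standard deviations above the baseline, while the first sample stays under the threshold of 3. The zero-variance branch in `anomaly_score` matters in practice: a short baseline window in which a feature never moved would otherwise divide by zero.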