Intrusion Detection Of Campus Network

Campus Network in university plays an important role in teaching, scientific research, and management. With the scale of the campus network being increasingly expanded, the problem of network security appears to be more and more serious. Traditionally, the firewall is the primal line of defence, but it is a passive defense technology. The Intrusion Detection System (IDS) is an important part of the computer network security,and it realizes real-time intrusion detection, therefore actively avoiding being attacked.This thesis addresses how to implement the intrusion detection system in campus network. The paper is divided into five chapters. The first chapter surveys the state-of-the-art of intrusion detection and the related problems. The second chapter provides the details of intrusion detection techniques, in particularly, it introduces two concepts (network-based IDS (NIDS) and host-based IDS (HIDS)), and the distributed IDS. Besides, this chapter proposes three intrusion detection methods (misuse detection, anomaly detection and integrality test), and discusses the applications of the artificial neural network technology,expert system technology,and pattern reasoning technology in the IDS. The third chapter deals with the design of IDS in campus network. Based on the analysis on the issues of the campus network establishing and security, it presents a new function model of IDS, which includes the data packet capture module, the data packet analysis module, the intrusion detection module, and the logs module. The design of these modules, with the exception of the logs module, is discussed in detail. The fourth chapter is focused on the implementation of IDS by using Visual C++, and gives correlative test data. The fifth chapter directs the future research in this area.In spite of the efforts devoted to this research, there is still a long way to go before the designed IDS can be practically applied, because the Intranet covers the entire campus, and how to realize the detection of crossing over switches or subnets is a problem yet to be solved. In addition, the system handling ability is also a factor that the designer must consider.