Research On Dynamic Extensible Intrusion Detection System

Posted on: 2007-11-22 | Degree: Master | Type: Thesis
Country: China | Candidate: H Y Zhou
GTID: 2178360185974559 | Subject: Computer system architecture
Abstract/Summary:
Although encryption, authentication, firewalls and other traditional network security technologies have had some effect, they provide only passive defense and therefore cannot fully satisfy the demands of network security. Intrusion detection, a new, proactive security technology that provides real-time protection to networked systems, keeps out attacks from inside and outside and intercepts intrusions before they harm the system; it has come into the spotlight and plays an important role in many situations.

In consideration of the disadvantages of current IDSs (Intrusion Detection Systems) with respect to extensibility, this paper researches the technology of constructing an IDS from dynamically extensible modules. The Dynamic Extensible IDS is implemented by loading and unloading dynamic modules. The main content of this paper is:

(1) Researching the system architecture, flowchart and functional structure of each part of the Dynamic Extensible IDS. This makes the relations between dynamic modules clearer and function extension easier, so that the system can extend its intrusion detection capacity and work with other security systems simply by adding dynamic modules.

(2) Defining a kind of rule that describes an intrusion by separating the network packet into a head node and an optional node, and, based on the rule head node, putting forward an algorithm that classifies intrusion rules with a balanced AVL tree, which improves the system's matching efficiency.

(3) Developing a Dynamic Extensible IDS with a plug-in structure, according to the design of the system framework and the functional structure of each module.

The Dynamic Extensible IDS was tested in a realistic environment with function testing, stress and evasion testing, withstand-attack testing and data-set attack testing. It is shown to have higher intrusion detection efficiency and a lower false detection rate, and can satisfy the demands of daily use.
Keywords/Search Tags: Intrusion Detection System, Extensible, Plug-in, Rule Classification