
The Research And Implementation Of Host-Based Intrusion Packet Detection System

Posted on: 2007-11-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Xue
Full Text: PDF
GTID: 2178360212465545
Subject: Control theory and control engineering
Abstract/Summary:
As information networks are used in all fields of society, information security is of growing concern to people. The network gives people a platform for exchanging information, and security is essential to that exchange. The importance of information security draws more attention from both research and business year by year. Present security products include firewalls, intrusion detection systems and antivirus software. They are becoming more and more capable, and tend to be integrated and operated together. Although there are many security organizations, many people working on security and many security products, the CERT security report shows a rising trend in intrusion events. In recent years the flood of worms has posed new challenges to networks whose security products sit at the border, on the following points: worm infection caused by portable PCs cannot be solved, the blurring of the border makes border protection difficult, and the use of remote dial-up, VPN and wireless LAN lets the network extend beyond the restriction of the firewall.

The dissertation takes the project "Active Security Defense System", funded by the Jiangsu Science Foundation, as its background, and uses the Host-based Intrusion Packet Detection System (HIPDS) as a part of the "Active Security Defense System" to solve the security problem caused by portable PCs. The problem arises mainly because a portable PC may be infected while moving among different places, thus becoming a virus carrier; since an HIDS is specific to a single PC, the HIPDS can solve the problem.

The HIPDS introduced in this dissertation has 3 parts: the data collection and analysis module, the intrusion detection rules database and the IDS engine. It uses the anomaly-based detection method to construct a protection system for a single PC.

The main contributions include:
1) An idea of constructing an HIDS with the misuse detection method
2) Designed the data collection and analysis module with WinPcap
3) Designed the HIPDS intrusion description language rules
4) Designed the detection engine with nondeterministic automata...
Keywords/Search Tags:Intrusion Detection, portable PC, intrusion description, nondeterministic automata