
Research On Intrusion Detection System Based Protocol Analysis

Posted on: 2008-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: W Tian
GTID: 2178360215463770
Subject: Systems analysis and integration

Abstract/Summary:
Intrusion detection monitors the running state of a system and looks for attack attempts, attack actions and their results, in order to protect the integrity, confidentiality and availability of resources. An intrusion detection system (IDS) is a combination of software and hardware that can detect attacks. Today, intrusion detection systems mainly use two techniques: pattern matching and protocol analysis. Traditional pattern matching is slow, its detection accuracy is not high, and it consumes more system resources. Protocol analysis is the technique mainly adopted by next-generation IDS; it analyses the rules of the TCP/IP protocols and detects attacks more quickly and more accurately. An IDS based on protocol analysis can reduce the rates of missed alarms and false alarms, and it also has the advantage of using fewer system resources.

This thesis describes the position of the IDS in the security field, introduces the basic principles of IDS, proposes a distributed IDS framework that follows CIDF and is based on protocol analysis, and analyses the framework, its components and their functions.

The core requirements of an IDS are real-time operation and accuracy. As high-speed networks develop, network traffic volumes become very large, and the current focus is how to inspect network packets in real time and accurately (with respect to false positives and false negatives). The key content of this thesis addresses these two points: improving detection speed and detection accuracy. The following techniques are adopted in designing the IDS: (1) a high-speed packet capture component developed on top of LIBPCAP; (2) zero-copy techniques to improve the performance of the packet capture component; (3) protocol analysis; (4) rule description.

A prototype of a simple IDS is developed based on the above techniques. Finally, the thesis discusses the current state of research on IDS and its future development.
Keywords/Search Tags: Intrusion Detection, protocol analysis, IP fragments reorganization, TCP conversation reorganization, rule description, pattern matching