Design And Implementation Of Intrusion Detection System

Posted on: 2009-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: H B Ning
Full Text: PDF
GTID: 2178360245957232
Subject: Software engineering
Abstract/Summary:
With the rapid development of information technology, computer network security has become one of the most important factors in national safety. As an important component of a network security system, intrusion detection research is significant both in theory and in practice.

Campus networks are characterized by massive user traffic, long online times, a high proportion of users online, and complex network applications. The potential risks a campus network faces include data theft and intrusion into network facilities. To address these problems, we developed a campus-network intrusion detection system in a Linux development environment.

The main work of this thesis, which applies intrusion detection techniques in combination, is as follows:

1. We introduce the concept, the basic model, the history and the classification of intrusion detection techniques. The development trends of intrusion detection are also summarized in the first part of the thesis. An intrusion detection system supporting IPv4, IPv6 and transition mechanisms is designed. By analyzing the packet capture procedure and its bottlenecks on the Linux operating system, we point out that using NAPI and memory mapping can increase capture efficiency and detection accuracy, which results in low rates of false reports and missed reports.

2. To overcome the pattern matching problem and the inability of an intrusion detection system to analyze intrusion data, we develop a new IDS model. Using protocol analysis, the new model enhances the capability to analyze intrusion data, and it can also control network traffic by incorporating the network traffic prediction model. Tests show that the new IDS can efficiently protect the campus network, so that most existing network attacks and intrusions can be detected and protected against in time.

3. Based on the characteristics of network traffic, a hybrid wavelet and Kalman filter real-time prediction model is developed. Using this prediction model in the IDS, we find that the mean relative prediction error is 4.58%, which shows that the hybrid wavelet and Kalman filter real-time prediction model can efficiently improve the ability to adjust and control IDS traffic.

4. A new detection engine is designed to implement the IPv6 detection function. The detection rules used by this engine are compatible with those of SNORT, and pattern searching is implemented with the popular Boyer-Moore fast string searching algorithm. Based on an analysis and summary of common blocking techniques and of deployment methods for intrusion detection systems, we describe the design principles and a deployment instance of the blocking module, which integrates the intrusion detection system with the firewall system.
Keywords/Search Tags: Network Security, Intrusion Detection, Linux, Traffic Prediction, Active Block