| With the rapid development of network technology, a variety of network applications are more and more popular, and they have become part of our modern society. At the same time, the security problems in network are got more and more serious. The network security and the reliability are greatly regarded to, and they have become the hotspots in current network researches and developments.Currently, the technologies used in network security system are generally based on traditional firewalls, intrusion detection and vulnerabilities scan. These passive defense tools have not been able to meet the needs of network security. Amalgamations and cooperation of security products are the important development trend of network security. Basing on the researches to the current intrusion detection systems, firewalls and honeypots, this paper designed and realized a Network Intrusion Detection System. The system can not only monitor data packets stream in network, but also conduct the honeypot decoy function. Besides, the system can also interact with Netfilter/iptables firewall. The system has supplied an integrated network security solution. Therefore, the system can make up for deficiency of the traditional network security defense tools and can enhance network security to some extent. The paper's specific researches and implementation includes:Analyzed the popular network security models and techniques about intrusion detection and event response, and pointed out urgent problems with intrusion detection from the perspective of dynamic defense.Researched and analyzed the techniques about active defense of honeypot decoy, and designed and realized the system's honeypot decoy module.Researched and analyzed the techniques about intrusion detection, and made improvements to AC multi-pattern matching algorithm to realize this algorithm based on NFA. Additionally, designed and realized the system's intrusion detection module.Researched the technologies about interaction between intrusion detection and firewalls in detail, and designed and realized the interacted subassembly in the intrusion detection module. The system has realized interacting with the firewall to strengthen the control to network packets.Tested the system's functions and gave out the related data, analysis and results.The test results show that the system can decode network packets correctly and detect the intrusions in networks effectively. The results also show that the system can decoy attackers actively and interact with firewall to make response, so as to strengthen the control to network and protect network resources effectively. |
PDF Full Text Request