
Design And Implementation Of A Network Intrusion Detection System Based On Three-dimensional Rule

Posted on: 2009-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: L Lin
Full Text: PDF
GTID: 2178360272992121
Subject: Software engineering
Abstract/Summary:
An intrusion detection system (IDS) is one of the primary means of protecting the security of networks and hosts. After analyzing the current state of development of IDS technology, we discuss the techniques and process of capturing and decoding network packets, then design and implement a system, MINIIDS, on Linux.

In this paper, we implement MINIIDS, a network intrusion detection system for the Linux platform. The system follows the CIDF standard and comprises six modules: packet capture, protocol analysis, display and storage, rule analysis, intrusion detection, and response. The packet capture module is based on Libpcap. The protocol analysis module decodes and classifies packets according to the TCP/IP protocol suite, and mainly analyzes five protocols: IP, ARP, TCP, UDP and ICMP. The information from the analyzed data is stored in a MySQL database. It has good versatility.

Based on an analysis of current network attack methods and of the rules used in network intrusion detection, we designed a three-dimensional list data structure in the rule analysis module: each rule in the rule base is added to the corresponding position in the three-dimensional list according to its type. This data structure saves time and space when the network intrusion detection system organizes its rules, and significantly reduces the time the system spends matching rules at run time.

Finally, we demonstrate the operating interface and operating results of MINIIDS, set out the parameters and options of the system model, and design six test cases to test the feasibility of the intrusion detection system and the efficiency of detection. The results show that, in the current network environment, the system can identify network attacks and report warnings effectively.
Keywords/Search Tags:Libpcap, Intrusion Detect, Protocol Analyzing, Analyze Rule