| In recent years, with the information and network technology and the rapid development of political, economic or military interest-driven, computer and network infrastructure, in particular, sites of official bodies, to become popular targets for hackers, the strong demand for e-commerce and intensify the growth of this invasion. Network security is a system concept, effective security strategy or program development, is the primary objective of network information security. On the one hand today's society increasingly dependent on networks, network intrusion and attacks the other hand the number of incidents increased sharply. These two aspects of interaction, the former allows the network architecture, protocol and applications become more complex, but also lead to social security problems on the network can gradually reduce the degree of tolerance.Enhanced system security is an effective way to use a relatively easy security technologies, while supporting the security system used for security vulnerabilities that may exist to check the firewall is only as non-defense foreign internal defense, and can be easily around, so only rely on the firewall computer system has been unable to deal with the increasingly rampant intrusion against the intrusion of the second line of defense-intrusion detection system was enabled. Intrusion detection technology is the core technology security audit is one of the important network security components. Use of audit records, intrusion detection system can identify any undesirable activities, thereby limiting these activities to protect the security of the system. Intrusion detection system to attack the invasion before the occurrence of the system, detect intrusion, alarm and protection system using the expulsion of intrusion and reduce the losses caused by the invasion attack.Intrusion detection as a proactive security protection technology, provides internal attacks and external attacks and misuse in real-time protection from network security to the three-dimensional depth, multi-level perspective of defense to provide security services, thus become the security field of hot spots.From the theoretical knowledge to start, given the concepts of intrusion detection, basic principles, describes the classification of intrusion detection technology, intrusion detection system's basic structure and function and so on. Then analyzed the well-known network intrusion detection system Snort, Snort software, and attacks using software Blade, built a platform based on Ubuntu intrusion detection system, and the experimental environment for a variety of research need improvement or adjustment. Deepen our understanding of the intrusion detection system works. Intrusion detection system for the composition of the various modules, articles, analysis of data from the packet capture, signature characteristics of the establishment of libraries, protocol analysis, raw data pre-processing, detection and analysis, several key aspects, with specific examples and experimental instructions to complete the work in these areas to be necessary to use the technology and theory.Finally, in many areas have been successfully used in the set pair analysis theory, assuming that the analysis based on set of the intrusion detection model, using standard data sets, experiments, experiments show that the set theory is applied to the analysis of intrusion detection is feasible and effective, while on Next to continue the research work done to complete the plans and prospects. |
PDF Full Text Request