| The society has an increasing demance on computer networks as the information technology and the Internet develop.The openness of computer network not only convenient our life but also make itself tenderness to attacks. Any network action, which attempts to undermine the integrity, confidentiality, and availability of information systems, is called network intrusion. To guard against these network intrusions we have several common methods, firewall (Firewall), anti-virus software and user authentication, encryption and intrusion detection.As a pro-active mean of defense, Intrusion detection System (IDS) plays an important role in the entire network security protection system. IDS detect any action to find out those cracks the network system, and give an effective response to these particular actions. IDS is based on Snort, a strong light weight Network Intrusion Detection System (NIDS) which can recognize and warn various patterns of net attacks by analyzing real-time data flows and logging IP data packages.Session Initiation Protocol (SIP) is a text-based application layer control protocol. Service Abnormal, Theft of Service, as well as Abuse of Service etc., according to these SIP security threats, I designed a intrusion detection system for SIP misuse. By catching and analyzing SIP packages, the SIP-BADS applies a pattern matching, analyze register & response 4xx actions, to determine whether this particular package is legal or not. After this determination the SIP-BADS will static legal users'patterns to set a warning line, according to which the user's conversation will be approved or abandoned analysis of legal and illegal SIP packages and write the database. |
PDF Full Text Request