
Study And Implement Of Linux-based Multi-intrusion Detection

Posted on: 2011-07-30
Degree: Master
Type: Thesis
Country: China
Candidate: B Ma
Full Text: PDF
GTID: 2178360308983674
Subject: Computer software and theory

Abstract/Summary:
As the Internet has developed, computer networks and individual hosts have come under increasing attack. How to establish a secure network and operating system is a key issue for all users. From the standpoint of operating-system and network intrusion prevention, the first step is to give the network operating system complete monitoring and filtering of information, making both the operating system and network transmission more secure. The best measure currently available is to load the controlling module into the kernel of the operating system as a driver. On the Internet side, the key monitoring system should be placed beside the export nodes of the network so that relevant information can be filtered quickly; this is also the most efficient approach taken by firewalls and other anti-virus software.

In this dissertation, "multi-channel" Linux monitoring technology means that the host monitors the network and the operating system at the same time. Monitoring attacks on both the network and the operating system from all aspects makes the existing network environment more secure, with a high coverage rate.

The system designed in this dissertation has two major modules. The first is the operating-system kernel monitoring module, a method that improves on the deficiencies of the POSIX.1e standard capability module. After the improved module is loaded into the Linux kernel under the Linux Security Module (LSM) framework, monitoring and control are performed at the operating-system kernel layer. A series of operations is completed there, including trust-like privilege arbitration for processes, secure i-node operations, information feedback, queue operations and serial processing. Finally, character devices are used to feed the monitoring information back to the application layer, where security control is performed.

Compared with a security monitoring model loaded with the original capability module, the experimental results show that the scheme proposed in this dissertation not only improves system operating efficiency, the correct rate of monitoring and the coverage of system scanning, but also keeps better monitoring performance in terms of system resource occupancy and several other parameters.

The second is the network monitoring and defense module. The principle of packet monitoring is studied in order to handle high volumes of packets using the underlying libpcap capture library on the Linux operating system. Semi-polling with the New API (NAPI) is also used to speed up the processing of packets in the input buffer. Finally, queuing theory is used to set the optimal bandwidth value and related parameters so that the best efficiency is achieved. A Bayesian model is used for normal data and for distributed denial-of-service attack training data, and a back-propagation neural network (BPNN) is then trained on this early data, so that the detection model is optimized from the training data and defensive rules can be generated. The main advantages of this system are: first, the Linux system can be improved to increase the efficiency of existing packet filtering, so that attacks are rejected on the target side before they commence; second, the self-adaptive learning model for rules facilitates re-learning in order to prevent new attacks. Experimental results demonstrate that the scheme not only increases the packet capture rate but also significantly improves system resource occupancy in many figures.
Keywords/Search Tags: Access control, Kernel driver, System call, Linux Security Module (LSM), Capability Model, Network Listen, libpcap, Semi-Polling, BP Neural Network