| Taking the research on the network intrusion detection technology and application framework, this thesis attempts to bring some help to the study of NIDS in the today' s increasingly extended network and helps application of the skills from the TCP/IP network to the others.In this thesis, firstly, constructing a framework to analysis NIDS with the definition of the three attributes of NIDS and three factors of detection technology, following by analyzing the misuse-based and anomaly-based technology as well as the NIDS application framework. And then, describing the design and implementation with some NIDS technologies, such as keyword matching, security audit and honey pot in TCP/IP network. At last, giving two suggestions, on improving the NIDS technology.In chapter 1 and chapter 2, after giving out the causes of network security trouble and the relationship of elements that constitute a robust network security strategy, defining the intrusion, the intrusion detection and three attributes of NIDS. In chapter 3, based on the definition of the factors of detection technology, analyzing some characteristic detection technologies, reasoning the advantage and disadvantage between misuse-based technology and anomaly-based technology. In chapter 4, classifying the NIDS application framework. In chapter 5, with relative projects in TCP/IP network, describing in detail the design and implementation of keyword matching, security audit and honey pot. In chapter 6, giving two suggestions how to merge misuse-based technology and anomaly-based technology. |
PDF Full Text Request