
Network Monitoring And Intrusion Detection System

Posted on: 2005-04-19
Degree: Master
Type: Thesis
Country: China
Candidate: L Ye
Full Text: PDF
GTID: 2208360122492950
Subject: Signal and Information Processing

Abstract/Summary:
With the popularization of the Internet and the development of network technology, network security problems have become more and more prominent. Among the many network security technologies, network sniffing and intrusion detection are very important and attractive to many computer operators. Building on the key technologies of network sniffing and intrusion detection, this thesis studies the implementation of a lightweight intrusion detection system on Windows. The intrusion detection system uses misuse detection.

The main content of the thesis is divided into four sections. Section 1 explores the Windows network architecture, analyzes NDIS programming, and introduces the main lower-layer network data capture schemes; it then introduces the mechanism of packet capture and filtering and, on the basis of that work, analyzes how the Winpcap framework captures and filters packets. Section 2 studies the important technologies in IDS. For the protocol analysis detection model, we mainly studied fragment reassembly of IP packets, based on a study of the TCP/IP protocol. For the pattern matching detection model, we analyzed several pattern matching algorithms, such as KMP, BM, BMH and multiple-pattern matching algorithms (Wang 2002). After this, we analyzed the security of the IDS itself. Section 3 introduces the design and implementation of the system. Following the CIDF model, the system is divided into five fundamental modules: packet capture, network sniffer, rule processing, data analysis and system reaction. Each module maps to a different application, and the system's functions are introduced briefly. Section 4 summarizes the research work of the thesis and sets out some problems and suggestions for improvement. Based on a study of the bottlenecks in system function, we propose directions for subsequent development.
Keywords/Search Tags: Network sniffer, Winpcap, Intrusion Detection, IDS, Pattern Match