
Event-based Network Intrusion Detection System EIDS

Posted on: 2005-11-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Li
GTID: 2208360125463551
Subject: Computer system architecture
Abstract/Summary:
Intrusion detection is a protection technique that follows traditional techniques such as firewalls. In this paper, I first introduce the PPDR model (Policy, Protection, Detection, Response). In the second chapter, I introduce the Common Intrusion Detection Framework (CIDF), some methods used in IDS, the development of IDS and so on. The advantages of a NIDS are low cost, independence from the OS, and no use of the host's resources. In the third chapter, I design and implement an IDS, EIDS, which is the keystone of the paper. EIDS is an intrusion detection system that works by passively watching traffic seen on a network link. It is built around an event engine that pieces network packets into events that reflect different types of activity. Some events are quite low-level, such as the monitor seeing a connection attempt; some are specific to a particular network protocol, such as an FTP request or reply; and some reflect fairly high-level notions, such as a user having successfully authenticated during a login session. In the third chapter, I present the characteristics and structure of the system. Protocol parsing can find intrusions effectively. Then I implement distributed detection in EIDS and the intrusion response. Lastly, I introduce the policy interpretation language. In the fourth chapter, I test EIDS and give the results.
Keywords/Search Tags: Intrusion Detection, Protocol Parsing, Distributed Detection, Language of Policy Interpretation