
Intrusion Detection, Based On The Host Of The Variable-length Pattern Sequences Of System Calls

Posted on: 2005-02-14  Degree: Master  Type: Thesis
Country: China  Candidate: X Lin  Full Text: PDF
GTID: 2208360125964415  Subject: Computer system architecture
Abstract/Summary:
With the growth of computer networks and the globalization of information, network security has become a serious problem. A technology is needed that can discover an intrusion immediately and block it reliably; this is the role of an Intrusion Detection System (IDS). This dissertation surveys the current state of IDS, analyzes IDS architectures, policies and commonly used techniques, and then concentrates on intrusion detection methods based on immune theory. It proposes an immune-based intrusion detection model that combines network-side detection with system call detection, and that combines misuse-based with anomaly-based detection.

Many immune-based IDSs monitor the host's system calls. This dissertation analyzes in detail Forrest's IDS based on system call sequences, and compares the merits and drawbacks of that method against several others. The most important shortcoming they share is the use of fixed-length system call sequences. Variable-length pattern methods remove this limitation. Rigoutsos's Teiresias compound-pattern discovery algorithm, originally used to find meaningful segments in biological (gene) sequences, is a typical variable-length pattern discovery algorithm; Wespi improved it by reducing redundancy and shrinking the pattern database so that it fits IDS use better.

All of the methods above match one pattern at a time, and therefore pay a cost in both storage and pattern matching. After examining the variable-length system call pattern matching algorithm, this dissertation improves the two-link tree storage structure by introducing auxiliary jump nodes. The resulting structure is better suited to variable-length multi-pattern matching, and experiments show that it markedly reduces storage space and improves search efficiency. Finally, the dissertation builds an IDS based on variable-length system call sequences as a Linux Kernel Module in a Linux environment.
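As an added illustration, not code from the thesis, the following Python sketch contrasts the two detection models the abstract discusses: a Forrest-style database of fixed-length system call windows, and coverage of a trace by a set of variable-length "normal" patterns stored in a trie whose failure links play the role the abstract assigns to auxiliary jump nodes. The syscall traces, the pattern set and the Aho-Corasick-style link construction are all assumptions made for the example; Teiresias pattern extraction and the thesis's own two-link tree layout are not reproduced.

```python
"""Fixed-length vs. variable-length system call sequence matching.

Added illustration only: the traces and patterns are constructed sample
data, and the trie with failure links (Aho-Corasick style) is one possible
realization of a jump-node-assisted multi-pattern matcher, not the
thesis's own data structure.
"""
from collections import deque

# Constructed normal traces (one per monitored process run), as syscall names.
NORMAL_TRACES = [
    ["open", "read", "mmap", "mmap", "close", "read", "write", "close"],
    ["open", "read", "mmap", "close", "write", "close"],
]

# Constructed variable-length patterns, standing in for what a Teiresias /
# Wespi style extraction step would produce from the normal traces.
PATTERNS = [
    ["open", "read", "mmap"],
    ["mmap", "close"],
    ["read", "write", "close"],
    ["close", "write", "close"],
]


# --- Forrest-style fixed-length (k-gram) model ------------------------------
def build_fixed_db(traces, k):
    """Return the set of all length-k windows seen in the normal traces."""
    db = set()
    for t in traces:
        for i in range(len(t) - k + 1):
            db.add(tuple(t[i:i + k]))
    return db


def fixed_mismatches(trace, db, k):
    """Windows of `trace` that never occurred in normal behaviour."""
    return [tuple(trace[i:i + k])
            for i in range(len(trace) - k + 1)
            if tuple(trace[i:i + k]) not in db]


# --- Variable-length multi-pattern matcher (trie + jump links) ---------------
class PatternTrie:
    """Trie over syscall names; jump[v] points to the longest proper suffix of
    the path to v that is itself a trie path, so a mismatch never restarts
    the scan from the trace position of the failed pattern."""

    def __init__(self):
        self.children = [{}]   # node -> {syscall: child node}
        self.jump = [0]        # failure / jump link per node
        self.output = [[]]     # lengths of patterns ending at this node

    def _new_node(self):
        self.children.append({})
        self.jump.append(0)
        self.output.append([])
        return len(self.children) - 1

    def add(self, pattern):
        node = 0
        for sc in pattern:
            nxt = self.children[node].get(sc)
            if nxt is None:
                nxt = self._new_node()
                self.children[node][sc] = nxt
            node = nxt
        self.output[node].append(len(pattern))

    def build_jumps(self):
        """Breadth-first construction of jump links and merged outputs."""
        q = deque()
        for child in self.children[0].values():
            self.jump[child] = 0
            q.append(child)
        while q:
            v = q.popleft()
            for sc, child in self.children[v].items():
                j = self.jump[v]
                while j and sc not in self.children[j]:
                    j = self.jump[j]
                self.jump[child] = self.children[j].get(sc, 0)
                # A pattern ending at the jump target also ends here.
                self.output[child] = self.output[child] + self.output[self.jump[child]]
                q.append(child)

    def match(self, trace):
        """Return (start, end) spans of `trace` covered by a stored pattern."""
        spans, node = [], 0
        for i, sc in enumerate(trace):
            while node and sc not in self.children[node]:
                node = self.jump[node]
            node = self.children[node].get(sc, 0)
            for length in self.output[node]:
                spans.append((i - length + 1, i + 1))
        return spans


def uncovered_positions(trace, trie):
    """Trace positions no normal pattern covers: the anomaly signal."""
    covered = [False] * len(trace)
    for s, e in trie.match(trace):
        for p in range(s, e):
            covered[p] = True
    return [i for i, c in enumerate(covered) if not c]


def build_trie(patterns=PATTERNS):
    trie = PatternTrie()
    for p in patterns:
        trie.add(p)
    trie.build_jumps()
    return trie


if __name__ == "__main__":
    suspicious = ["open", "read", "mmap", "execve", "write", "close"]
    db = build_fixed_db(NORMAL_TRACES, 3)
    print("fixed-length mismatches:", fixed_mismatches(suspicious, db, 3))
    print("uncovered positions:", uncovered_positions(suspicious, build_trie()))
```

The fixed-length model flags every window that touches the injected `execve`, while the pattern-coverage model reports exactly which trace positions no normal pattern explains; with jump links the trace is scanned once regardless of how many patterns are stored, which is the multi-pattern property the abstract is after.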
Keywords/Search Tags: Intrusion Detection, System Call Sequence, Variable Length Pattern, Teiresias Algorithm, Two-Link Tree