
Windows Environments, Network Intrusion Detection Model

Posted on: 2006-09-27
Degree: Master
Type: Thesis
Country: China
Candidate: H Q Yuan
Full Text: PDF
GTID: 2208360152996478
Subject: Software engineering
Abstract/Summary:
Network security problems are more serious today than ever before. Traditional firewall technology cannot fully meet the security requirements of computer systems. IDS (Intrusion Detection System) technology is now developing quickly and is becoming more and more important in protecting networks. It is a technology that protects information: it monitors systems or networks and finds intrusions. It is an important part of the network security system and extends the firewall. As more and more companies put their core business on the Internet, IDS will play a key role in enterprise information security.

The thesis first analyses current security problems and discusses today's network protection technology. It then introduces IDS, including the history of IDS, the development of IDS and the types of IDS, common intrusions and current intrusion detection methods, IDS standardization, where an IDS is placed on the network, and the current state and shortcomings of IDS. It also analyses the future outlook of IDS. The third part discusses an IDS model. This model refers to the CIDF standard and has five parts (Event generators, Event analyzers, Event databases, Response units, remote manager).

Based on this model, I designed an IDS model system called NetDetection. It uses the Windows XP DDK module named WinPcap to capture network packets. It then reads the packets through a symbolic link and decodes them according to the specific protocol. It then filters the packets by the IP address and port that the user defines. These packets are displayed and recorded to logs. The other packets are passed to the Event analyzers module to detect scan attacks. The items are shown in the capture window. The system takes rules from the Event databases and compares them with the packet headers. When it finds a scan attack, it reports to the administrator and records the event to logs. Finally, we carried out experiments and found that it can detect several common scan attacks.
Keywords/Search Tags: IDS, Event generators, Event analyzers, Response units, Scan attack, Network