
Design and Realization of a CIDF-Based Distributed Intrusion Detection System (DIDS)

Posted on: 2006-02-01
Degree: Master
Type: Thesis
Country: China
Candidate: Z J Chen
Full Text: PDF
GTID: 2208360155971382
Subject: Computer application technology
Abstract/Summary:
First, this paper analyses hacker intrusion behaviour and the network security model. On this basis, it describes the concept of Intrusion Detection (ID) and the architecture and classification of Intrusion Detection Systems (IDS), and characterises misuse-based and anomaly-based intrusion detection systems. Two intrusion detection standards are also covered: that of the Intrusion Detection Working Group (IDWG) and the Common Intrusion Detection Framework (CIDF).

Next, the paper presents the detailed design and implementation of a Network Intrusion Detection System (NIDS) based on the CIDF framework on the Linux platform. The NIDS uses both misuse detection and anomaly detection. It captures packets with libpcap, analyses intrusion behaviour, and defines an intrusion signature database on that basis; rules are processed by a rule analysis module. Captured packets are decoded according to their protocols, including IP fragment reassembly and TCP stream reassembly with libnids. Decoded packets are passed to the intrusion event detection module, which responds to detected intrusions. This module adopts a faster matching algorithm, which improves system performance.

Finally, the author presents test results and concludes that the NIDS detects port scans, Trinoo attacks, CGI scans, and similar events.
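The decode-then-match stage the abstract outlines, as an added example rather than the thesis's own code: it decodes a constructed IPv4/TCP packet by its header length fields and matches the payload against a constructed signature table with Boyer-Moore-Horspool, a skip-based matcher standing in for the faster matching algorithm the abstract does not name. The signature names and patterns are assumed, and the packet is built inline in place of libpcap capture.

```c
/* Added example, not the thesis's code: decode a constructed IPv4/TCP packet and
 * match its payload against a small signature table with Boyer-Moore-Horspool. */
#include <string.h>

typedef struct { const char *name; const char *pattern; } signature_t;

/* Constructed signature table (not the thesis's database); most specific first. */
static const signature_t SIGS[] = {
    { "phf probe", "/cgi-bin/phf" },
    { "CGI scan",  "/cgi-bin/" },
};

/* Horspool search: the skip table jumps the window past bytes that cannot end a
 * match, so most payload bytes are never compared. Returns 1 if pat is in buf. */
static int horspool_find(const unsigned char *buf, size_t n, const char *pat) {
    size_t m = strlen(pat), skip[256], i;
    if (m == 0 || m > n) return 0;
    for (i = 0; i < 256; i++) skip[i] = m;
    for (i = 0; i + 1 < m; i++) skip[(unsigned char)pat[i]] = m - 1 - i;
    for (i = 0; i + m <= n; i += skip[buf[i + m - 1]])
        if (memcmp(buf + i, pat, m) == 0) return 1;
    return 0;
}

/* Decode IPv4 and TCP headers by their length fields (not fixed 20-byte offsets)
 * and return the first matching signature name, or NULL if none or malformed. */
const char *detect(const unsigned char *pkt, size_t len) {
    size_t ihl, doff, s;
    if (len < 20 || (pkt[0] >> 4) != 4) return NULL;            /* not IPv4 */
    ihl = (pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6) return NULL; /* 6 = TCP */
    doff = (pkt[ihl + 12] >> 4) * 4;
    if (doff < 20 || len < ihl + doff) return NULL;             /* truncated */
    for (s = 0; s < sizeof SIGS / sizeof SIGS[0]; s++)
        if (horspool_find(pkt + ihl + doff, len - ihl - doff, SIGS[s].pattern))
            return SIGS[s].name;
    return NULL;
}

/* Wrap a payload in minimal IPv4 (IHL 5, proto TCP) and TCP (data offset 5)
 * headers, standing in for a frame libpcap would deliver, and run detection. */
const char *detect_payload(const char *payload) {
    static unsigned char pkt[1500];
    size_t plen = strlen(payload);
    if (plen > sizeof pkt - 40) return NULL;
    memset(pkt, 0, 40);
    pkt[0] = 0x45; pkt[9] = 6; pkt[32] = 0x50; /* version/IHL, protocol, doff */
    memcpy(pkt + 40, payload, plen);
    return detect(pkt, 40 + plen);
}
```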
Keywords/Search Tags: Network security, Intrusion Detection System, Packet Capture, Pattern Matching, Libnids