
Intrusion Detection System Anti-circumvention Technology Research

Posted on: 2006-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: J Pan
Full Text: PDF
GTID: 2208360182460472
Subject: Communication and Information System
Abstract/Summary:
With the popularization and application of networks, the network security situation has become increasingly severe. As a key measure of dynamic network defense, an Intrusion Detection System (IDS) can detect interior misuse and exterior attacks, and can better address the problems faced by network security. However, owing to the weaknesses of traditional technology and the rising level of attacks, IDS must also develop continually.

This subject is a branch of the project "active intrusion protect system", a project of the Zhengzhou science and technology bureau. The main idea of the paper is to propose a new measure against the technology of evading IDS.

First, after briefly introducing the concept and history of IDS, this dissertation studies and analyzes the problems that IDS face now. We then analyze the weaknesses of IDS and the kinds of Anti-IDS technology, and design and implement a benchmark test tool, Tester. This tool is aimed at testing IDS evasion techniques that exploit weaknesses at the network layer and the transport layer. We then test Snort 2.2 using the Tester and a hacker tool. From the results we find that a critical problem faced by a Network Intrusion Detection System (NIDS) is ambiguity, which is the main cause of false positives and false negatives.

In the next part we present a lightweight solution, Active Mapping, and implement a system prototype, which eliminates TCP/IP-based ambiguity in a NIDS's analysis with minimal runtime cost. The key idea is to acquire sufficient knowledge about the intranet being monitored that, using it, the NIDS can tell which packets will arrive at their purported host. We use the Active Mapping database in combination with the IDS to improve its detection accuracy. Finally, we give a theoretical analysis of the detection sensitivity of an IDS with Active Mapping.
Keywords/Search Tags: Intrusion Detection System, benchmark testing tool, the technology of evading IDS, Intrusion Detection System the technology of Anti-elusion, Active Mapping