
A Distributed Intrusion Detection System Research And Design

Posted on: 2007-11-19
Degree: Master
Type: Thesis
Country: China
Candidate: D H Hu
Full Text: PDF
GTID: 2208360185956114
Subject: Computer application technology

Abstract/Summary:
Intrusion events happen frequently, and building a security system from the defensive side alone is not enough. An IDS (Intrusion Detection System) is a newer kind of security protection technology that follows traditional protection methods such as firewalls and data encryption. It not only detects intrusions by hackers on the extranet but also monitors intranet users. Intrusion detection is an active network security protection technology.

Starting from the problems of purely defensive network technology, this paper puts forward a new kind of network security technology, IDS, which can resolve problems that firewalls, access control and authentication cannot. It then discusses intrusion detection systems in detail, including basic concepts, classification, the problems of DNIDS (distributed NIDS) and its trends. Based on an analysis of the structure and problems of a centralized NIDS, the paper describes the structure of the distributed NIDS adopted by this system, which is composed of four parts: LDU, SMU, GAU and MCU.

Finally, the author studies NIDS technology on Linux, including intrusion techniques and system design, and proposes an integrated framework for a DNIDS consisting of the following modules: network packet capture, network protocol analysis, rule analysis, etc. This dissertation designs only several of the important modules. The packet capture module discusses BPF theory and libpcap, which keep the system design compatible across platforms. The protocol analysis module covers IP, TCP, UDP and ICMP analysis in detail. The rule analysis module discusses the intrusion detection rules thoroughly; it uses the rule format of SNORT. The system attempts to adjust the order of rule matching dynamically so as to increase rule-matching speed. The communication module adopts a communication mechanism between non-peer (unequal) parties, and the exchange interface is implemented with API functions.
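The abstract describes the protocol analysis and rule analysis modules only at a high level. As an added illustration, and not the thesis's own code, the C program below decodes a constructed IPv4 packet down to its TCP, UDP or ICMP header (the same header walk the protocol analysis module performs) and checks it against a small Snort-style rule list whose order adapts to hit counts. The reordering heuristic (a rule that fires bubbles ahead of rules with fewer hits) is an assumption, since the abstract does not say how the thesis adjusts the order; the rule fields, the `pkt`/`rule` structures and the packet bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded view of one IPv4 packet: only what a rule check needs (proto 1 = ICMP, 6 = TCP, 17 = UDP). */
struct pkt { uint8_t proto; uint16_t sport, dport; const uint8_t *payload; size_t payload_len; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode IPv4 and the TCP/UDP/ICMP header behind it. Every length field is checked
 * against the bytes actually captured before it is trusted, so a truncated or
 * malformed packet yields -1 instead of an out-of-bounds read. */
int parse_packet(const uint8_t *buf, size_t len, struct pkt *out)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4, total = rd16(buf + 2);
    if (ihl < 20 || total < ihl || total > len) return -1;
    out->proto = buf[9];
    const uint8_t *l4 = buf + ihl;
    size_t l4len = total - ihl, hdr;
    switch (out->proto) {
    case 6:                          /* TCP: header length from the data-offset nibble */
        if (l4len < 20) return -1;
        hdr = (size_t)(l4[12] >> 4) * 4;
        if (hdr < 20 || hdr > l4len) return -1;
        out->sport = rd16(l4); out->dport = rd16(l4 + 2);
        break;
    case 17:                         /* UDP: fixed 8-byte header */
        if (l4len < 8) return -1;
        hdr = 8; out->sport = rd16(l4); out->dport = rd16(l4 + 2);
        break;
    case 1:                          /* ICMP: type, code, checksum, 4-byte rest-of-header */
        if (l4len < 8) return -1;
        hdr = 8; out->sport = out->dport = 0;
        break;
    default: return -1;              /* other protocols are not analysed here */
    }
    out->payload = l4 + hdr;
    out->payload_len = l4len - hdr;
    return 0;
}

/* Minimal Snort-like rule: protocol, destination port (0 = any) and an optional
 * content pattern; `hits` drives the dynamic reordering in match_rules(). */
struct rule { int id; uint8_t proto; uint16_t dport; const char *content; unsigned long hits; };
#define NRULES 3
struct ruleset { struct rule r[NRULES]; };

static int rule_matches(const struct rule *r, const struct pkt *p)
{
    if (r->proto != p->proto || (r->dport && r->dport != p->dport)) return 0;
    if (!r->content) return 1;
    size_t n = strlen(r->content);
    for (size_t i = 0; i + n <= p->payload_len; i++)      /* plain substring search */
        if (memcmp(p->payload + i, r->content, n) == 0) return 1;
    return 0;
}

/* Check rules in their current order; the first match wins and its id is returned
 * (-1 if none). The matched rule's counter is bumped and the rule bubbles ahead of
 * neighbours with fewer hits, so frequently firing rules migrate toward the front
 * (an assumed heuristic; the abstract does not say how the thesis reorders). */
int match_rules(struct ruleset *rs, const struct pkt *p)
{
    for (int i = 0; i < NRULES; i++) {
        if (!rule_matches(&rs->r[i], p)) continue;
        rs->r[i].hits++;
        while (i > 0 && rs->r[i].hits > rs->r[i - 1].hits) {
            struct rule tmp = rs->r[i]; rs->r[i] = rs->r[i - 1]; rs->r[i - 1] = tmp; i--;
        }
        return rs->r[i].id;
    }
    return -1;
}

int rule_position(const struct ruleset *rs, int id)
{
    for (int i = 0; i < NRULES; i++) if (rs->r[i].id == id) return i;
    return -1;
}

struct ruleset make_ruleset(void)
{
    struct ruleset rs = {{ { 1, 1, 0, NULL, 0 },        /* any ICMP */
                           { 2, 17, 53, NULL, 0 },      /* UDP to port 53 */
                           { 3, 6, 80, "GET /", 0 } }}; /* HTTP GET to port 80 */
    return rs;
}

/* Constructed sample: IPv4 192.168.1.10 -> 192.168.1.20 (proto 6, total length 56),
 * TCP 1234 -> 80 (data offset 5, PSH/ACK) and 16 payload bytes "GET / HTTP/1.0\r\n". */
const uint8_t sample_http[] = {
    0x45,0x00,0x00,0x38, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00, 0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x14,
    0x04,0xd2,0x00,0x50, 0,0,0,0, 0,0,0,0, 0x50,0x18,0x20,0x00, 0,0,0,0,
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','0','\r','\n' };
const size_t sample_http_len = sizeof sample_http;

int main(void)
{
    struct pkt p; struct ruleset rs = make_ruleset();
    if (parse_packet(sample_http, sample_http_len, &p) != 0) return 1;
    int fired = match_rules(&rs, &p);
    printf("rule %d fired; it now sits at position %d\n", fired, rule_position(&rs, fired));
    return 0;
}
```

Running it shows rule 3 (the HTTP rule, initially last) firing once and moving to the front of the list, which is the effect the abstract describes: rules that fire often are checked first, so the average number of comparisons per packet drops. The bounds checks in `parse_packet` are what a capture-driven analyser needs before it trusts any header length, since libpcap hands over whatever bytes were on the wire, truncated frames included.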
Keywords/Search Tags: Distributed Intrusion Detection System, TCP/IP Protocol Analysis, Rule Analysis, API Function, Network Safety