| With the development of information technologies, the problem of computer crime is become more and more severity, it directly endangers the normal order of politics, economy, and culture. Currently, the network security study is more focus on guarding against intrusion; there is little study for the intrusion forensics. However, computer forensics technology can pursue intrusion, repair the leak of security, consummate the security structure, but also can consummate the law correspond to computer crime.It is one of the hot research fields in IDS and new applying way that use IDS collecting electronic evidence while illegal intrusion and malicious behaviour was detected. This paper put emphasis on the reaserch of IDS and protocol analysis tcchnology. Based On the architecture of IDS and combined with protocol analysis and pattern matching technology, this paper also designed a model of protocol analysis based NIDS and computer forensics system, which used in online intrusion detection and offiine forensics. This paper introduced the architecture of the model, discussed characteristic and unresolved problems. The paper introduced the realization of various modules of the system, including data collection module, data pretreating module, intrusion detection module, analyzing and finding module. It proved to be a feasible system and can fulfil the needs of IDS and forensics system. |
PDF Full Text Request