Linux-based Network Intrusion Detection System Research And Design

Posted on: 2008-08-04 | Degree: Master | Type: Thesis
Country: China | Candidate: T Q Liu | Full Text: PDF
GTID: 2208360215950324 | Subject: Computer application technology

Abstract/Summary:
As an active security technique, an intrusion detection system (IDS) can not only detect unauthorized subjects intruding into a system, but also monitor authorized subjects that use system resources unlawfully. As the Internet is used more and more widely, increasing importance is attached to network-based intrusion detection systems (NIDS). At the same time, NIDS faces several demands: keeping up with increasing bandwidth, and reducing false positives and false negatives to improve detection accuracy.

First, this dissertation introduces network security problems and methods, including network security goals, network threats, traditional network security technologies, and the PPDR network security model.

Second, it discusses IDS in detail, covering many aspects of intrusion detection including its motivation, functions, standards and so on. An IDS can be classified into two types according to its data source: host-based and network-based. This dissertation mainly discusses the theory of network intrusion detection systems.

Third, intrusion detection models and intrusion detection techniques are discussed. There are two IDS analysis methods: anomaly detection and misuse detection.

The dissertation then discusses the design and architecture of a network intrusion detection system. The overall system framework is divided into seven parts: a network packet capture module, a network protocol analysis module, a rule analysis module, an intrusion event detection module, a response module, a storage module, and an interface management module. The dissertation also presents the system's data flow diagram, function flow diagram, and architecture. It mainly discusses the network packet capture module, the network protocol analysis module, the rule analysis module, and the intrusion event detection module.

Several improvements over traditional intrusion detection systems are proposed:

First, the dissertation puts forward a detection technique based on protocol analysis to address the heavy computation and high false alarm rate of the traditional pattern-matching method. The protocol analysis method takes advantage of the highly regular structure of the TCP/IP protocols to detect attacks, so the amount of computation is clearly reduced. The system mainly analyzes the IP, ARP, TCP, UDP, and ICMP protocols.

Second, the dissertation designs an intrusion language to address the problem of updating the rule base. Users can write new rules in this language to describe new attacks, and can also extend the rule base dynamically. As a result, the system becomes simple.
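The protocol-analysis idea described in the abstract, as an added Python example (not code from the thesis): a packet is decoded first and tested only against the rules for its own protocol, in contrast to searching the whole packet for a pattern. The rule names, the `SIG` pattern, the size threshold and the sample packet builders are constructed for illustration; fragment reassembly and ARP are left out.

```python
import struct

SIG = b"CONSTRUCTED-SIGNATURE"  # constructed content pattern, not a real signature

def decode(pkt: bytes) -> dict:
    """Decode IPv4 and the TCP/UDP/ICMP header behind it into named fields."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0  # IPv4 header length in bytes
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or not 20 <= ihl <= len(pkt):
        raise ValueError("not a well-formed IPv4 packet")
    info, l4 = {"proto": pkt[9]}, pkt[ihl:]
    if info["proto"] == 6 and len(l4) >= 20:        # TCP
        off = (l4[12] >> 4) * 4                     # TCP data offset in bytes
        if not 20 <= off <= len(l4):
            raise ValueError("bad TCP data offset")
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
        info.update(flags=l4[13], payload=l4[off:])
    elif info["proto"] == 17 and len(l4) >= 8:      # UDP
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
        info["payload"] = l4[8:]
    elif info["proto"] == 1 and len(l4) >= 8:       # ICMP
        info.update(icmp_type=l4[0], icmp_code=l4[1], payload=l4[8:])
    else:
        raise ValueError("truncated or unsupported transport header")
    return info

# Hypothetical rules grouped by IP protocol number: a packet is tested only against
# its own protocol's rules, and header fields are checked before any payload search.
RULES = {
    6: [("tcp-syn-fin", lambda p: (p["flags"] & 0x03) == 0x03),
        ("http-sig", lambda p: p["dport"] == 80 and SIG in p["payload"])],
    1: [("icmp-oversize-echo", lambda p: p["icmp_type"] == 8 and len(p["payload"]) > 1024)],
}

def detect(pkt: bytes) -> list:
    info = decode(pkt)
    return [name for name, match in RULES.get(info["proto"], []) if match(info)]

def naive_match(pkt: bytes) -> bool:  # plain pattern matching over every byte
    return SIG in pkt

def ipv4(proto: int, l4: bytes) -> bytes:  # constructed packet; checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + l4

def tcp(dport: int, flags: int, payload: bytes = b"") -> bytes:
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload

def udp(dport: int, payload: bytes = b"") -> bytes:
    return struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
```

A UDP packet that merely contains the same bytes is flagged by `naive_match` but not by `detect`, which illustrates the false-alarm reduction the abstract attributes to protocol analysis.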
Keywords/Search Tags:intrusion detection, protocol analysis, Linux, pattern matching