The Design Of Web Based Network Intrusion Detection System

With the rapid development of network technology,people's lives and work more and more can not be separated from the network.However,the rapid development of network technology at the same time,to bring us convenience,but also brought us a disaster.Information in the transmission process,often faced with the risk of being attacked.Although our detection technology is in improvement,but also intrusion is endless.At this time,it is very important to establish a set of perfect intrusion detection system.Intrusion detection system is an active safety protection system,which is integrated with many advanced theories and methods,and its research has important theoretical significance and practical value.Intrusion detection system can be divided into network and host computer according to the data source.This thesis studies the network intrusion detection system.The existing intrusion detection system can be divided into misuse detection system and anomaly detection system.Misuse detection system has a serious disadvantage,that is,the detection accuracy is low,the error rate is relatively large,the detection system has been unable to keep up with the attack means of updating and upgrading speed.Simple misuse detection technology has been unable to meet the actual needs.In consideration of these problems,the object of this thesis is to detect the anomaly detection technology which is relatively fast in unknown attack and response speed.Anomaly detection system is most important is to build a system model,the system first through the statistical and learning methods established the normal activities of the user behavior set,then analyze each a new behavior to determine the presence of unusual activity,is to judge whether there is abnormal phenomenon.Therefore,the model of intrusion detection system is very important,it can directly affect the accuracy of detection.Different models can not only detect the different results,but also can not be the same as the detection algorithm and the detection speed.This thesis presents the design and implementation of intrusion detection system based on Web anomaly.Through the analysis of network traffic system has a large number of users Web normal browsing behavior learning normal browsing model.In the test phase of the Web browsing data for feature extraction,degree of deviation between the model calculation and the characteristics of normal user behavior is acted as a measure of the degree of abnormal.In this paper,through the design of the database and intrusion detection system model design to form a web anomaly based intrusion detection system,six modules of this system are user management module,data acquisition module,protocol analysis module,anomaly detection module,judgment module,system log and alarm.Then,we test the design of the system to determine the existence of this system.We use black box testing and white box testing to determine whether the system is in line with the established requirements.Test results show that the anomaly detection system designed in this thesis can detect a given attack,that is,the system is reliable,the system also has the following characteristics:(1)Monitor and analyze user behavior.(2)Examine the vulnerability of the system and the configuration of the network.(3)Assess whether the data is complete and whether it is stable.(4)This model can quickly identify abnormal intrusions.