With the rapid development of computer technology, computers have entered every field of society and people's daily lives. Whether at work, in study, shopping or entertainment, everyone enjoys the convenience that computer technology brings. However, every coin has two sides. While we use computer technology to change our lives, some lawbreakers also break into our computers with hacking techniques to steal our personal information. Against this background, host intrusion detection technology has received wide attention. Host intrusion detection, as the second line of defense after network detection, mainly detects attacks in progress inside the host, discovers intrusions in time and then blocks them, so as to protect the security of the host. The research objective and significance of the host intrusion detection system are analyzed first, and the research status of host intrusion detection systems at home and abroad is surveyed to a certain extent. After that, a Linux host intrusion detection system is designed and implemented. The system's intrusion detection strategies comprise rule set matching and a detection model for system calls. The rule set uses a rule decoder to parse the log information and matches it against the built-in rules. System calls record the access of user processes to system resources, so the system can detect intrusion behavior from the perspective of system calls by means of the detection model. The system uses etcd as the registration center and completes the distribution and execution of system tasks through its registration and monitoring mechanism. The system is composed of an Agent, a Daemon, a Log Collection Platform and a Server. The Agent, in the role of collector, collects the behavior information generated by the host. The Daemon, as the guardian service, blocks attacking processes in real time on receiving commands from the Server. The Log Collection and Processing Platform is responsible for collecting and preliminarily analyzing the logs. The Server is the core of the whole system, covering intrusion detection, task distribution and queries of alarm information. The host intrusion detection system can protect the security of the host: when an attack on the host is detected, the system raises an alarm in real time and blocks the attacking process, which provides the security administrator with an effective method of host detection and protection.
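As an added illustration of the rule set branch described above (example code, not the thesis's own implementation): a rule decoder that splits syslog-style lines into fields, and a matcher that checks those fields against built-in rules, with a per-source threshold so that a single failed login is not reported. The log lines, rule IDs and field names are constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed syslog-style lines standing in for the stream the Agent forwards
# to the Log Collection Platform (sample data, not real logs).
SAMPLE_LOG = """\
Mar  4 10:01:02 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 41022 ssh2
Mar  4 10:01:05 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 41023 ssh2
Mar  4 10:01:09 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 41024 ssh2
Mar  4 10:02:11 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/usr/bin/apt update
Mar  4 10:03:40 host1 useradd[2230]: new user: name=backup2, UID=1005, GID=1005, home=/home/backup2
"""

# Rule decoder: split one raw line into the fields the rules match against.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<program>[\w\-/.]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def decode(line):
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None  # None marks an undecodable line

# Built-in rules (hypothetical): program name, a pattern over the message, and a
# "same key seen N times" threshold so one failed login alone is not an alert.
RULES = [
    {"id": "SSH_BRUTE", "program": "sshd", "key": "src", "threshold": 3, "level": "high",
     "pattern": re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")},
    {"id": "NEW_USER", "program": "useradd", "key": None, "threshold": 1, "level": "medium",
     "pattern": re.compile(r"new user: name=(?P<user>\w+)")},
]

def match_rules(log_text, rules=RULES):
    # Decode every line, match it against the rule set and return the alerts.
    counts, alerts = defaultdict(int), []
    for line in log_text.splitlines():
        ev = decode(line)
        if ev is None:
            continue  # skip what the decoder cannot parse instead of crashing
        for rule in rules:
            if ev["program"] != rule["program"]:
                continue
            m = rule["pattern"].search(ev["msg"])
            if not m:
                continue
            key = (rule["id"], m.group(rule["key"]) if rule["key"] else "")
            counts[key] += 1
            if counts[key] == rule["threshold"]:  # fire once per key
                alerts.append({"rule": rule["id"], "level": rule["level"],
                               "host": ev["host"], "ts": ev["ts"], **m.groupdict()})
    return alerts
```

Running `match_rules(SAMPLE_LOG)` yields one high-level alert for the three failed logins from 203.0.113.7 and one medium-level alert for the new account; the sudo line matches no rule and is ignored.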