TIDS系统的设计与实现

IDS系统的设计与实现摘要随着网络技术的发展，网络环境变得越来越复杂。对于网络安全来说，单纯的防火墙技术曝露出明显的不足和弱点，因此很多组织致力于提出更多更强大的主动策略和方案来增强网络的安全性，其中一个有效的解决途径就是入侵检测。本系统是一个基于特征分析的网络入侵检测系统，采取模式匹配检测方法。将用户正常的习惯行为特征存储在特征数据库中，然后将用户当前行为特征与特征数据库中的特征进行比较，若两者偏差足够大，则说明发生了异常。系统实现了对数据包的拦截与捕获，并对其进行分析。通过对用户的非正常活动进行统计分析，发现入侵行为的规律，同时识别反映已知进攻的活动模式并向相关人士报警以达到入侵检测的要求。本文讨论了IDS的分类，网络入侵检测系统（NIDS）的结构及各模块的功能,利用关联规则，对用户正常历史数据进行挖掘，并对产生的规则进行归并更新，生成异常检测数据模型，并利用此模型实现基于数据采集的异常检测.实验表明NIDS可以检测伪装攻击、非法用户的攻击，通过实验给出了相应的检测信息、入侵检测结果。关键词：入侵检测，数据采集，关联规则，模式匹配目录第1章绪论······················································错误!未定义书签。1.1引言·····································································错误!未定义书签。1.2课题背景·······························································错误!未定义书签。1.3系统介绍·······························································错误!未定义书签。1.3.1入侵检测系统分类·············································错误!未定义书签。1.3.2系统要达到的要求·············································错误!未定义书签。1.4入侵检测系统发展趋势·············································错误!未定义书签。1.5论文工作安排·························································错误!未定义书签。第2章IDS关键技术···········································错误!未定义书签。2.1入侵检测系统工作原理·············································错误!未定义书签。2.1.1入侵检测技术···················································错误!未定义书签。2.1.2入侵检测的过程················································错误!未定义书签。2.2入侵检测系统模型的建立··········································错误!未定义书签。2.3基于网络的入侵检测系统关键技术······························错误!未定义书签。2.3.1利用Winpcap的数据采集功能······························错误!未定义书签。2.3.2入侵检测中的规则匹配·······································错误!未定义书签。2.3.3协议分析方法···················································错误!未定义书签。2.4IDS的评价标准·······················································错误!未定义书签。2.5系统建立所需环境···················································错误!未定义书签。2.5.1软件环境·························································错误!未定义书签。2.5.2硬件环境·························································错误!未定义书签。第3章系统分析及总体设计·································错误!未定义书签。3.1系统可行性分析······················································错误!未定义书签。3.1.1技术可行性······················································错误!未定义书签。3.1.2经济可行性······················································错误!未定义书签。3.1.3操作可行性······················································错误!未定义书签。3.1.4法律可行性······················································错误!未定义书签。3.2系统需求分析·························································错误!未定义书签。3.3系统流程·······························································错误!未定义书签。3.3.1系统模块图······················································错误!未定义书签。3.3.2系统流程图··············································································43.4系统功能模块介绍···················································错误!未定义书签。3.4.1网络数据包的捕获模块·······································错误!未定义书签。3.4.2网络协议分析模块·············································错误!未定义书签。3.4.3存储模块·························································错误!未定义书签。3.4.4入侵事件检测模块·············································错误!未定义书签。3.4.5响应模块·························································错误!未定义书签。3.5入侵检测系统功能描述·············································错误!未定义书签。第4章系统详细设计··········································错误!未定义书签。4.1系统程序的结构·······················································错误!未定义书签。4.1.1系统详细设计···················································错误!未定义书签。4.2系统功能设计·························································错误!未定义书签。4.2.1捕获网络数据包功能设计····································错误!未定义书签。4.2.2数据分析功能设计·············································错误!未定义书签。4.2.3数据存储功能设计·············································错误!未定义书签。4.2.4响应处理功能设计·············································错误!未定义书签。4.3系统数据库详细设计················································错误!未定义书签。4.3.1数据流程设计···················································错误!未定义书签。4.3.2数据表设计······················································错误!未定义书签。第5章系统实现················································错误!未定义书签。5.1系统主窗体····························································错误!未定义书签。5.2数据库连接····························································错误!未定义书签。5.3系统主要模块功能的实现··········································错误!未定义书签。5.3.1捕获网络数据包功能实现····································错误!未定义书签。5.3.2入侵事件检测的实现··········································错误!未定义书签。5.3.3数据分析中规则设置的实现·································错误!未定义书签。5.3.4入侵响应的实现················································错误!未定义书签。5.4系统联调································································错误!未定义书签。结论··································································错误!未定义书签。参考文献····························································错误!未定义书签。致谢··································································错误!未定义书签。响应分析引擎探测器探测器探测器模式匹配数据库网络接口层图2.1网络入侵检测系统结构图：图2.2通用入侵检测模型图3.1系统模块图3.3.2系统流程图系统流程如图3.2所示事件分析器响应单元事件产生器审计记录/网络数据包/应用程序日志事件数据库入侵检测系统数据管理添加记录删除记录协议分析数据包捕获入侵检测响应报警规则匹配图3.2系统流程图图5.1系统运行主窗口响应入侵事件检测网络协议分析网络数据包的捕获数据管理数据存储以太网网络数据图5.2入侵检测Poweredby计算机毕业