基于协议分析的网络入侵检测系统的研究和设计

IAbstractIIAbstractWiththepopularizationandfastdevelopmentofnetwork,computersystemhasbeendevelopedfromindependenthosttocomplexandinterconnectsnetworks.Itbringsgreatconveniencetopeopleforsharingofinformation.Problemsonsecurityofinternetarebecomingveryserious.Thustheresearchofcomputernetworksecurityisalsobecomingveryimportant.Asanewactivesecurity-defensivemechanismIntrusionDetectionSystemcanprovidethehostandnetworkdynamicprotection.Itnotonlydetectstheintrusionfromtheextranethackerbutalsomonitorsintranetusers.NownextgenerationIDSaremostlyusingastrategyofcombiningprotocolanalysiswhichmakesuseofthespecificationsofprotocolandoutstandingpatternmatchingalgorithm,tosolvethecontradictionbetweentheaccuracyandthetimeliness.Firstly,baseontheresearchofIDSdevelopingstatusanddirectionathomeandabroad,theauthorputforwardtheideathatpatternmatchingcombineswiththetechnologyofprotocolanalysis,comparingwithtraditionalpatternmatching,itcanreducethecountworkloadthefalsepositiveandfalsenegativeefficiency.Secondly,afterdeeplyhavingastudyontraditionalpatternmatchingmethodsofIDS,theauthorbroughtforwardanimprovedpatternmatchingalgorithm,thealgorithmimprovedmatchingefficiency.Byintroducinganewgenerationofprotocolanalysismethodappliedtonetworkintrusiondetectionsystem,setforththemodelofnetworkintrusiondetectionsystembasedonpatternmatchingandprotocolanalysis.PacketcapturewasrealizedefficientlybyusingWinpcapinthesystem,theproblemofprotocoldecoding,packetrestructuringandreorganizationofdataflowsubparagraphwereresolvedviaper-processmodule.Inmatchingdetectionbasedonprotocolanalysismodule,discussedtheARP,RARP,IP,TCP,ICMP,UDPprotocoloftheanalyticalprocessindetail.RegularanalysismodulefromtherulesdescribedinSnortintrusionmethods,detailedanalysisbasedonSnortrule,usingasimple,flexible,efficientruledescriptionlanguagetodescribetherule.ResponseModuleelaboratestheinitiativeresponseandpassiveresponse.Keywords:NetworkSecurity;IntrusionDetection;PatternMatching;ProtocolAnalysisIII.................................................................................................1..............................................................1.............................................................................3......................................................................................5.....................................................................................................5.........................................................................................6..........................................................................................6..........................................................................................6.......................................................................................................10....................................................................10................................................................................11...............................................................................................12................................................................................12................................................................................15................................................................................15...........................................................................................16....................................................................................16........................................................................17.......................................................................................................19...........................................................................................21...................................................................................................22................................................................22................................................................22......................................................23................................................................23.....................................................................................24.....................................................................25.......................................................................................26...........................................................................................................29IV.......................................................................................................30...................................................................................................32.............................................................................................32............................................................................................33................................................................................34........................................................................................36...