【作者】 周文星；

【导师】 周绍梅；

【作者基本信息】 南昌大学 ， 计算机技术， 2010， 硕士

【摘要】 本论文主旨在理论研究与实践应用的结合,以江西地税局局域网安管平台工程为背景,建立以异常和误用检测相结合,基于网络的入侵监测系统为重点的安全机制,实现区域范围内的网络安全。论文首先全面阐述了网络安全的相关知识、F2DR的动态安全模型和入侵检测的基本概念及分类,对基于误用检测和异常检测的入侵检测系统作了全面而又深刻地分析,并对误用检测和异常检测IDS的基本原理和典型系统类型进行了详细的比较。论文同时还分别论述了基于网络和基于主机的IDS的基本原理,着重描述了基于网络的监测规则和匹配算法,并且对基于主机的IDS数据来源和模块结构进行了深刻阐述。论文以江西省地方税务局局域网的架构和技术特点为背景进行介绍,分析其中存在的网络安全问题,发现在内网中遭受DDos攻击的情况比较普遍,由此决定利用基于网络P2DR动态安全模型及入侵检测系统原理与技术,以IDS日志记录为依据进行分析,提出了基于离散度的DDoS检测算法,并在此基础上通过分析防御的特征提出了基于报警率和状态切换的响应模块。更多还原

【Abstract】 Being the background of "The Project of security management jiangxi province local tax Bureau" and based on the technology of net,this paper is written in combining the theory research with the practice application for setting up the networks security of Instruction Detection System(IDS)with misuse and abnormal detection,and building the networks security in the area..At first,the paper fully expatiates the basic viewpoint of networds security,dynamic security model of F2DR,and the basic concept and classification of instruction detection.The paper deeply analyses and compares in detail the principles and classical sorts of misuse and abnotmal detection,At the same time,the paper discusses the basic principles of Host-based and Network-based IDS,and represents the detection rule of Network-based,matching algorithm,the data resource and model structure of Host-based IDS.The paper introduces the frame and technical characteristics and analyses the networks security question faced network companies.we found it is common to be attacked by DDos. Based on the dynamic security model of P2DR and technology of instruction detection system,and we decided to create a method for detecting DDos based on disperse_degree according to the essential character of DDos and the record of IDS..And based this,we create a moudule for defending Ddos based on state_switch by analyzing the character of defending.更多还原