Research of Hierarchical Distributed Intrusion Detection System

【Author】 Qin Xiaoming (秦晓明)

【Supervisor】 Jiang Jianguo (姜建国)

【Author information】 Xidian University, Computer Application Technology, 2009, Master's degree

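【Summary】 Network security is dynamic and holistic, whereas the traditional security protection model is static, isolated and passive. Firewalls, intrusion detection and other security detection mechanisms each have their own shortcomings, and they do not work in linkage when defending against network intrusions, so none of them can protect the security of the whole network system in a timely and effective manner. This thesis therefore designs a network security model, a hierarchical distributed intrusion detection system, discusses each of its parts in some detail, and gives concrete implementation methods. The thesis first analyzes distributed intrusion detection systems, reviews their strengths and weaknesses, and points out that hierarchical distributed intrusion detection is an important direction for network intrusion detection research. Chapter 3 then presents the architecture of the hierarchical distributed intrusion detection system. Next, the three levels of network defense (the network boundary, the hosts inside the network, and the internal subnets) are studied in depth from three angles respectively: the linkage technology between the firewall and the intrusion detection module and its implementation, the optimization of the pattern matching algorithm, and the design of a network-based peer-to-peer distributed intrusion detection system. To test the feasibility and effectiveness of the system, the thesis builds a distributed intrusion detection test platform in a Linux environment using the Snort software, gives the relevant configuration schemes for the firewall, the IDS hosts and the servers, carries out simulated attack detection experiments, and analyzes the detection results. By studying the key points of network intrusion defense, this thesis constructs a hierarchical distributed intrusion detection system in which the firewall rule set is updated automatically and dynamically, the efficiency of host-based intrusion detection is improved, and the single point of failure and efficiency bottleneck problems of traditional intrusion detection systems are optimized. Experiments show that the system can improve the efficiency of network intrusion detection and offers a feasible scheme for improving enterprise network intrusion detection systems.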

【Abstract】 Network security is dynamic and holistic, but the traditional security model is static and isolated. Firewalls, intrusion detection, virus protection and other security tools each have their own defects. Moreover, these tools are not linked together in network intrusion defense, so they cannot protect the security of the host in a timely and effective manner. This paper therefore designs a network security model, the Hierarchical Distributed Intrusion Detection System, discusses each of its parts in more detail, and gives a specific implementation method. First, the paper analyzes the Distributed Intrusion Detection System and sorts out its advantages and disadvantages, and points out that hierarchical distributed intrusion detection is an important trend in network intrusion detection research. Then, in the third chapter, the paper presents the structure of the Hierarchical Distributed Intrusion Detection System. Second, the paper analyzes three levels of network defense thoroughly: firewall and intrusion detection module linkage technology and its implementation, the internal hosts, and the internal subnet. This analysis is based on the realization of dynamic firewall technology, optimized pattern matching algorithms, and a peer-to-peer network-based design for the Distributed Intrusion Detection System. To test the feasibility and effectiveness of the system, the paper uses the Snort intrusion detection software in a Linux environment to build a distributed test platform, gives the related configuration of the firewall, IDS host, server and so on, carries out mock attack detection experiments, and analyzes the test results. Based on research into the key parts of network intrusion prevention, a Hierarchical Distributed Intrusion Detection System is constructed. The system allows the firewall rule set to be updated dynamically and automatically; the efficiency of host-based intrusion detection is improved; and the single point of failure and the efficiency bottleneck of traditional intrusion detection systems are optimized accordingly. Experimental verification shows that the system can improve the effectiveness of intrusion detection and provides a feasible plan for enterprises to improve their network intrusion detection systems.
