
Research and Design of a Network Filter Based on Static Taint Analysis

Analysis and Implementation of Efficiency Network Filter Based on Static Taint Seed

【Author】 Zhang Zhigang (章智刚)

【Advisor】 Guo Fan (郭帆)

【Author information】 Jiangxi Normal University, Computer Science and Technology, 2011, Master's

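【Summary】 With the rapid development of the Internet, network-based financial services such as online banking and e-commerce are gradually replacing people's everyday financial operations. However, as network topologies grow more complex, network security problems have become increasingly prominent and are now a focus of attention across the whole discipline of computer science and technology. Intrusion detection systems are the newest and most efficient matching-and-filtering systems to follow traditional Internet security measures such as network firewalls. Intrusion detection technology identifies malicious attack behavior in computer networks by matching against an existing signature database, and drops packets that contain attacks. Intrusion detection has increasingly become one of the important methods of safeguarding network security and is widely used. As research on applying intrusion detection to the Internet deepens, the matching performed by Internet-facing intrusion detection systems has become more accurate and their rejection rate more precise. On the other hand, network security faces greater filtering difficulties on an increasingly complex Internet, including how to raise the matching and filtering rate of an intrusion detection system to within what users will tolerate, so as to cope with networks of more complex topology, and how to reduce the false-alarm and misreport rates of intrusion detection as far as possible, improving the accuracy of the system's matching and detection and thereby the security of the whole system. In a typical intrusion detection system, the network filter that analyzes and handles malicious attack code captures and filters packets in kernel mode, and can filter only generic attack behavior. This thesis uses static taint analysis and introduces the concept of a taint seed: the binary stream in a packet is converted into an assembly program for inspection, and taints and taint-infected packets are filtered out. It efficiently identifies and filters the attack technique, frequently used in malicious code, of transferring control through unconditional jumps, thereby improving the efficiency and recognition rate of the network filter. Finally, experiments show that static taint analysis and taint tracking effectively improve the efficiency of identifying two classes of unconditional-jump attack code and the other nodes they infect in programs of three structures.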

【Abstract】 With the rapid development of the Internet, web-based financial services such as online banking and e-commerce are step by step replacing daily financial operations. But with the increasing complexity of network topology, network security issues are also increasingly prominent and have become a focus of attention for the entire discipline of computer science and technology. The intrusion detection system is the latest and most efficient comparison-based filtering system to follow network firewalls and other traditional Internet security protection measures. Intrusion detection technology can identify malicious attacks on computer networks by comparison against an existing database of characteristics, and discard only the packets containing attacks. Intrusion detection has become an increasingly important way to protect network security and has also been widely used. With the gradual deepening of intrusion detection on the Internet, intrusion detection technology plays an increasingly critical role in network security research. Meanwhile, network security on an increasingly complex Internet also faces greater challenges, such as how to improve the comparison and detection rate of intrusion detection systems to meet the requirements of network communication, and how to reduce the false negatives and false alarms of intrusion detection systems and improve their comparison and detection accuracy, thereby improving the safety performance of the whole system. With the development and popularization of computer networks, our working and living environment has been greatly improved; the Internet provides a more convenient way to work and makes life easier. However, everything has its other side, and hackers frequently make use of vulnerable networks to attack innocent victims. Facing these problems, we were used to passive defense, such as applying patches, installing a firewall, and reinforcing the system, which can only solve the problem temporarily.
