Research on Intrusion Detection and Intrusion Prevention

【Author】 汪静 (Wang Jing)

【Advisor】 王能 (Wang Neng)

【Author information】 East China Normal University, Computer Application Technology, 2003, Master's

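【Abstract (translated from the Chinese)】 The security of network information systems is a highly complex problem that involves technology, management, usage and many other aspects. As a new generation of network information security technology, intrusion detection and prevention actively identifies and responds to malicious intrusions into network information systems; it not only detects and defends against intrusions from external networks, but also monitors and prevents unauthorized activity and operating mistakes by internal users. After surveying traditional network information security techniques, the intrusion methods commonly used by hackers and the countermeasures against them, and the development, classification, detection methods and standardization of intrusion detection systems, this thesis addresses some new problems that intrusion detection currently faces and proposes a design for an intrusion detection system. The design mainly covers the architecture of the overall system, improvements to the structure and detection methods of the analysis subsystem, the design of a honeypot and trap subsystem (IP trap, service trap, file trap), research on IDS load balancing, and effective protection of the IDS itself by means of dual network interface cards and a backup monitoring agent. In addition, the thesis discusses intrusion prevention from two angles, intrusion traceback and cooperative defense, proposes a concept for building an intrusion prevention system (IPS), and designs framework models for cooperation between the IDS and a dynamic firewall, for cooperation between the IDS and routers, and for an Intrusion Prevention Protocol (IPP). Finally, the thesis discusses the problems intrusion detection currently faces and its future development trends.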

【Abstract】 Network information system security is a very complicated problem. It involves technology, management, usage and so on. Intrusion detection and intrusion prevention has become the new generation of information security technique. It actively identifies malicious use of information systems and actively responds to it. The IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) not only detect and prevent intrusion behavior from the exterior network, but also keep watch on and prevent mistaken operations in the internal network. This paper first summarizes the traditional network information security techniques, the common intrusion methods and their countermeasures. Then it discusses the evolution, classification, detection methods and standardization of intrusion detection systems. Aiming at the newly encountered problems in intrusion detection, this paper puts forward a design for an intrusion detection system. It mainly includes the design of the whole system structure, the improvement of the analysis subsystem's structure and detection methods, the design of a honeypot and trap subsystem (including IP trap, service trap, file trap), research on load balancing for the IDS, and protection of the IDS's own security with novel techniques. In addition, this paper discusses intrusion prevention from the aspects of intruder traceback and joint prevention. It puts forward a novel idea for an IPS (Intrusion Prevention System) and designs a framework model for cooperation between the IDS and a dynamic firewall and a framework model for cooperation between the IDS and a router. This paper also designs a framework model for the Intrusion Prevention Protocol (IPP). Finally, this paper discusses the problems the IDS presently faces and the development trends of the IDS.

  • 【Classification number】TP393.08
  • 【Times cited】5
  • 【Downloads】472