基于改进型BMH算法的入侵检测系统研究

【作者】 苟绍波；

【导师】 王锋；

【作者基本信息】 昆明理工大学 ， 计算机应用， 2003， 硕士

【摘要】 入侵检测(ID,Intrusion Detection)技术是一种主动保护自己免受攻击的一种网络安全技术，是继“防火墙”、“数据加密”等传统安全保护措施后新一代的安全保障技术。作为防火墙的合理补充，入侵检测技术能够帮助系统对付网络攻击，扩展了系统管理员的安全管理能力(包括安全审计监视、攻击识别和响应)，提高信息安全基础结构的完整性。 本文提出一种基于部件的入侵检测系统，具有良好的分布性能和可扩展性。他将基于网络和基于主机的入侵检测系统有机地结合在一起，提供集成化的检测、报告和响应功能。 在网络引擎的实现上，使用了协议分析和模式匹配相结合的方法，有效减小目标的匹配范围，提高了检测速度。同时改进了匹配算法，使得网络引擎具有更好的实时性能。在主机代理中的网络接口检测功能，有效地解决了未来交换式网络中入侵检测系统无法检测的致命弱点。更多还原

【Abstract】 Intrusion Detection (ID)technology is that one kind protects oneself from a kind of network safe practice attacked voluntarily, Continue the security technology of new generation after the traditional safe protective measure , such as" fire wall"," the data are encrypted",etc.. As rational supplement of fire wall, invade detection technique can help the system to deal with attack of network , Expand security managerial ability of system manager( including auditting and monitor, attack and discern and respond safely), Raise the integrality of the safe infrastructure of the information.Whether propose kinds of invasion detection system not based on part this text,have good distribution performance of and can expanding.It combine the network-based IDS and host-based EDS into a system, and provide detection, report and respone together.In the implement of the network engine, the combination of network protocol analyze and pattern match technology is used, and reduce scope to search. We also improved pattern match algorithm, the network engine can search intrusion signal more quickly. We use network interface detection in host agent, which will enable the IDS work on switch network fine.更多还原