èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽSnortçš„å…¥ä¾µæ£€æµ‹ç³»ç»Ÿåœ¨æ ¡å›ç½‘ä¸çš„åº”ç”¨ç ”ç©¶

Research on Application of Intrusion Detection System Based on Snort in Campus Network

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ æž—æ–‡å¿ï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ å“ˆå°”æ»¨ç†å·¥å¤§å¦ ï¼Œ è®¡ç®—æœºæŠ€æœ¯ï¼Œ 2007ï¼Œ ç¡•å£«

ã€æ‘˜è¦ã€‘ è¿‘å¹´æ¥ï¼Œéšç€ç½‘ç»œæŠ€æœ¯çš„è¿…çŒ›å‘å±•å’Œå› ç‰¹ç½‘çš„å¹¿æ³›æ™®åŠï¼Œç½‘ç»œå®‰å…¨é—®é¢˜å˜å¾—æ—¥ç›Šçªå‡ºï¼Œç½‘ç»œå®‰å…¨çš„ä¸€ä¸ªä¸»è¦å¨èƒå°±æ˜¯é€šè¿‡ç½‘ç»œå¯¹ä¿¡æ¯ç³»ç»Ÿçš„å…¥ä¾µã€‚ä½œä¸ºç½‘ç»œå®‰å…¨çš„ä¸€ä¸ªé‡è¦ç»„æˆéƒ¨åˆ†ï¼Œç½‘ç»œå…¥ä¾µæ£€æµ‹ç³»ç»Ÿ(NIDS)ä¹Ÿè¶Šæ¥è¶Šæ˜¾ç¤ºå‡ºå…¶é‡è¦æ€§ã€‚é«˜ç‰é™¢æ ¡æ˜¯æ–°æŠ€æœ¯çš„å•è‚²åŸºåœ°ï¼Œéšç€ä¿¡æ¯åŒ–æ—¶ä»£çš„åˆ°æ¥ï¼Œé«˜ç‰é™¢æ ¡ä¹Ÿåœ¨æŽ¨è¿›è‡ªå·±çš„ä¿¡æ¯åŒ–å»ºè®¾ã€‚éšç€æ ¡å›ç½‘ç»œè§„æ¨¡çš„ä¸æ–æ‰©å¤§ï¼Œæ ¡å›ç½‘ç»œçš„å®‰å…¨é—®é¢˜ä¹Ÿæ—¥ç›Šçªå‡ºã€‚ä»…ä»…ä¾é ä¼ ç»Ÿçš„é˜²ç«å¢™æŠ€æœ¯å¹¶ä¸èƒ½ä¿è¯æ ¡å›ç½‘ç»œçš„å®‰å…¨ã€‚ä¸ºæ¤ï¼Œæœ¬æ–‡æå‡ºä½¿ç”¨å…¥ä¾µæ£€æµ‹ç³»ç»Ÿå’Œé˜²ç«å¢™ç›¸ç»“åˆå¾—æ–¹æ³•å®žçŽ°æ ¡å›ç½‘ç»œçš„å®‰å…¨é˜²æŠ¤ã€‚NIDSèƒ½å¤Ÿç›‘è§†ç½‘ç»œæ•°æ®æµåŠ¨æƒ…å†µï¼Œå½“å…¥ä¾µå‘ç”Ÿæ—¶èƒ½å¤Ÿæä¾›æŠ¥è¦ã€‚çŽ°åœ¨å·²ç»å‡ºçŽ°äº†å¾ˆå¤šå•†ä¸šçš„NIDSï¼Œä½†æ˜¯å®ƒä»¬å¤§å¤šæ¯”è¾ƒå¤æ‚ï¼Œæ¯”è¾ƒéš¾ä»¥æŽŒæ¡ï¼Œè€Œä¸”æ¯”è¾ƒæ˜‚è´µï¼Œæ¯”è¾ƒå°çš„å…¬å¸æ— æ³•æ‰¿å—ã€‚Snort2.0æ˜¯ä¸€ä¸ªå‡ºè‰²çš„å…è´¹NIDSç³»ç»Ÿï¼Œå®ƒåŸºäºŽGPLï¼Œæ˜¯ä¸€ä¸ªå¼ºå¤§çš„è½»é‡çº§çš„ç½‘ç»œå…¥ä¾µæ£€æµ‹ç³»ç»Ÿã€‚æœ¬æ–‡é¦–å…ˆä»‹ç»äº†å…¥ä¾µæ£€æµ‹ç³»ç»Ÿçš„åˆ†ç±»ï¼Œå½“å‰çš„ç ”ç©¶çŽ°çŠ¶ï¼Œä»¥åŠä½¿ç”¨çš„ä¸»è¦æŠ€æœ¯å’Œå‘å±•è¶‹åŠ¿ã€‚ä¹‹åŽä»‹ç»äº†Snort2.0çš„ä½“ç³»ç»“æž„ã€æŠ€æœ¯ç‰¹ç‚¹åŠå…¶å®Œæˆçš„åŠŸèƒ½ï¼Œé‡ç‚¹ç ”ç©¶Snort2.0è§„åˆ™çš„ç»„æˆã€è®¾ç½®ä¸Žè¿è¡Œæƒ…å†µï¼›åœ¨æ¤åŸºç¡€ä¸Šæå‡ºäº†å°†Snort2.0å…¥ä¾µæ£€æµ‹ç³»ç»Ÿåº”ç”¨äºŽæ ¡å›ç½‘ç»œä¸ä»¥ä¿éšœæ ¡å›ç½‘ç»œçš„å®‰å…¨ï¼›ç»™å‡ºäº†Snort2.0å…¥ä¾µæ£€æµ‹ç³»ç»Ÿåœ¨æ ¡å›ç½‘ç»œä¸çš„é…ç½®æ–¹æ¡ˆã€å®‰è£…ä½¿ç”¨æ–¹æ³•ã€ä»¥åŠè¿è¡Œå’Œæµ‹è¯•æ–¹æ³•ã€‚ç»åº”ç”¨å®žéªŒè¡¨æ˜Žï¼Œåœ¨æ ¡å›ç½‘ä¸ä½¿ç”¨åŸºäºŽSnort2.0å…¥ä¾µæ£€æµ‹ç³»ç»Ÿå¯ä»¥æœ‰æ•ˆçš„ä¿è¯æ ¡å›ç½‘ç»œçš„å®‰å…¨å¯é ã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ In recent years, with the rapid development of the network technology andthe extensive popularization of Internet, the security of network becomes moreand more important. A main threat of the network security is to invade to theinformation system through network. As one important component of networksecurity, the Network Intrusion Detection System (NIDS) becomes more andmore important.Colleges and universities are a breeding base of the new technology. Withthe arrival of the information era, they are promoting their own informationconstruction. As the scale of the campus network becomes bigger and bigger, itssecurity problem will be more and more serious. Depends upon the traditionalfirewall technology can not be able to guarantee the campus network. Therefore,this article proposed the method of combining the NIDS and the firewall torealize the campus network safe protection. NIDS which is used for monitoringthe network data flow can alert when the intrusion happens. Already NIDS ofmuch commerce has appeared now, but they are mostly more complicated, moredifficult to master, and more expensive, and the smaller companies are unable tobear.Snort2.0 is an outstanding and free NIDS system, which based on GPL, andit is also a strong NIDS of lightweight. Firstly this text introduces theclassification of the intrusion detection system, the current research circumstance,the trend of development and the technology used mostly. Secondly, this textintroduces the system architecture, technological characteristics and functions ofSnort2.0 IDS, mainly research the construction of the system, establishment andrunning of Snort 2.0 Intrusion Detection Rules. On the basis of study andexperiment, the paper proposes a design which uses Snort 2.0 in compus network to protect its security. Meanthwhile, the configuration scheme, the method ofinstalling and using, the situation of running and test of the Snort2.0 IDS incampus network are given.The application and test result shows that, the NIDS based on snort2.0 canguarantee the campus network well.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ å…¥ä¾µæ£€æµ‹ï¼› Snortï¼› è§„åˆ™è®¾ç½®ï¼› æ ¡å›ç½‘ï¼›
ã€Key wordsã€‘ Intrusion detectionï¼› Snortï¼› Rules settingï¼› Campus networkï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ å“ˆå°”æ»¨ç†å·¥å¤§å¦

ã€åˆ†ç±»å·ã€‘TP393.08
ã€è¢«å¼•é¢‘æ¬¡ã€‘2
ã€ä¸‹è½½é¢‘æ¬¡ã€‘404

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®

èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽSnortçš„å…¥ä¾µæ£€æµ‹ç³»ç»Ÿåœ¨æ ¡å›­ç½‘ä¸­çš„åº”ç”¨ç ”ç©¶

Research on Application of Intrusion Detection System Based on Snort in Campus Network

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

åŸºäºŽSnortçš„å…¥ä¾µæ£€æµ‹ç³»ç»Ÿåœ¨æ ¡å›ç½‘ä¸çš„åº”ç”¨ç ”ç©¶