
分布式主动入侵检测系统研究与设计

Research and Design of a Distributed Active Intrusion Detection System

【Author】 杨柳 (Yang Liu)

【Supervisor】 李祥和 (Li Xianghe)

【Author information】 PLA Information Engineering University (解放军信息工程大学), Communication and Information Systems, 2007, Master's thesis

【Abstract】 As hacker intrusions grow ever more rampant, it has become clear that building a security system from the defensive side alone is not enough. Intrusion detection is the generation of security assurance technology that followed traditional protective measures such as firewalls and data encryption. It identifies and responds to malicious use of computer and network resources, detecting not only intrusions from outside but also unauthorized activity by internal users. A distributed active intrusion detection system (ODIDS) meets the requirements placed on intrusion detection in a distributed environment. It has the following characteristics:

- Component-based design gives the system good scalability. Each functional component exists independently and the components talk to each other over standard network interfaces, so the number of components deployed can be large or small, decided entirely by the needs of the actual network; the system can be deployed flexibly in anything from a wide-area network down to an office network.
- A two-level analysis structure satisfies the requirements of both real-time and accurate detection. The first level, located in the host agents and network engines, emphasizes real-time detection; the second level, located in the analysis component, examines the data in depth for latent threats. This cache-like analysis structure preserves both the timeliness and the accuracy of detection, and the layered structure lets several analysis methods coexist in the system so that the strengths of each detection method can be exploited.

This thesis presents and implements the following: (1) a detailed description of how the active intrusion detection system is deployed and of its architecture; (2) the design of the network engine, including a packet capture module built on WinPcap and a protocol analysis module built with protocol analysis techniques; (3) a partial implementation of the console module, including the intrusion detection module and a response module built on linkage (联动, coordinated-response) technology; (4) an in-depth discussion of measures for protecting the system itself.
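The two-level structure the abstract describes (cheap real-time checks per packet in the network engine, deeper stateful correlation in the analysis component), as an added example that is not part of the thesis or its code. It is written in Python rather than against WinPcap, builds its frames in memory as constructed test data, and the engine names, the scan threshold and the addresses are assumptions chosen for illustration.

```python
"""Added example, not code from the thesis: a minimal two-level analysis
pipeline in the spirit of the ODIDS design in the abstract.

Level 1 (network engine): parse Ethernet/IPv4/TCP headers from raw frames
and apply cheap per-packet checks in real time.
Level 2 (analysis component): correlate events from several engines over
time to detect what no single packet shows (here, a port scan spread over
two network segments). All frames are constructed test data; a real engine
would receive them from a capture library such as WinPcap.
"""
import struct
from collections import defaultdict

SYN, FIN, ACK = 0x02, 0x01, 0x10


def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test data, no payload)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp


def parse_frame(frame):
    """Protocol analysis module: decode Ethernet/IPv4/TCP, or return None for
    anything that is not IPv4/TCP or is truncated (malformed input must not
    crash a sensor, so every length is checked before it is used)."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl or ip[9] != 6:
        return None
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "flags": tcp[13]}


class AnalysisComponent:
    """Level 2: stateful correlation across all engines (slower, deeper)."""

    def __init__(self, threshold=8):
        self.threshold = threshold          # distinct (host, port) targets per source
        self.targets = defaultdict(set)     # src -> {(dst, dport)}
        self.reporters = defaultdict(set)   # src -> {engine_id}
        self.alerts = []

    def submit(self, engine_id, src, dst, dport):
        self.targets[src].add((dst, dport))
        self.reporters[src].add(engine_id)
        if len(self.targets[src]) == self.threshold:   # raise once, when crossed
            self.alerts.append(("distributed port scan", src,
                                len(self.targets[src]), sorted(self.reporters[src])))


class NetworkEngine:
    """Level 1: stateless per-packet checks that alert immediately; bare SYNs are
    forwarded as compact events so level 2 can correlate them across engines."""

    def __init__(self, engine_id, analyzer):
        self.engine_id, self.analyzer, self.alerts = engine_id, analyzer, []

    def process(self, frame):
        pkt = parse_frame(frame)
        if pkt is None:
            return
        f = pkt["flags"]
        if f & SYN and f & FIN:   # SYN+FIN never occurs legitimately: crafted probe
            self.alerts.append(("SYN+FIN probe", pkt["src"], pkt["dst"], pkt["dport"]))
        elif f == SYN:            # plain connection attempt: not an alert on its own
            self.analyzer.submit(self.engine_id, pkt["src"], pkt["dst"], pkt["dport"])


def run_demo():
    """Two engines on two segments; each alone sees too few probes for a scan."""
    analyzer = AnalysisComponent(threshold=8)
    eng_a, eng_b = NetworkEngine("eng-A", analyzer), NetworkEngine("eng-B", analyzer)
    eng_a.process(build_frame("10.0.0.9", "10.0.1.5", 40000, 22, SYN | FIN))  # level-1 hit
    for i in range(5):   # 5 probes per segment from the same source: 10 in total
        eng_a.process(build_frame("10.0.0.9", "10.0.1.5", 40001 + i, 100 + i, SYN))
        eng_b.process(build_frame("10.0.0.9", "10.0.2.7", 40101 + i, 200 + i, SYN))
    eng_a.process(bytes(12) + b"\x86\xdd" + bytes(40))   # IPv6 frame: parser drops it
    return {"level1": {"eng-A": eng_a.alerts, "eng-B": eng_b.alerts},
            "level2": analyzer.alerts,
            "targets_seen": len(analyzer.targets["10.0.0.9"])}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The SYN+FIN probe is caught at level 1 by the engine that sees it, with no state and no round trip to the analysis component. The scan is different: each engine sees only five bare SYNs, below any sensible per-sensor threshold, and only the analysis component, which receives events from both engines, sees the ten distinct targets and raises the alert. The parser returning None for the IPv6 frame shows the other property a sensor needs: unexpected or truncated input is dropped, not allowed to crash the engine.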

  • 【CLC number】TP393.08
  • 【Downloads】147