
Research and Design of the Intrusion Detection System Based on the Wireless LAN

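【Author】 宁志山 (Ning Zhishan)

【Advisor】 段玉波 (Duan Yubo)

【Author information】 大庆石油学院 (Daqing Petroleum Institute), Communication and Information Systems, 2008, Master's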

【Abstract】 An intrusion detection system (IDS) is a network security technology that proactively protects itself from attack. As a reasonable complement to the firewall, intrusion detection helps systems cope with network attacks, extends the security management capabilities of system administrators, and improves the integrity of the information security infrastructure.

Based on an in-depth analysis of wireless LAN technology and intrusion detection technology, and taking into account the characteristics of wireless LANs and a plug-in design approach, this thesis proposes a wireless intrusion detection system model that performs comprehensive detection from the data link layer to the application layer. It presents the system's framework and main processing steps, and gives the detailed design and coded implementation of the key modules.

The system consists of detection agents and a control center. A detection agent includes a packet capture module, a preprocessing module, a protocol decoding module, a protocol analysis module, a rule parsing module, and others. Detection agents can run independently, or they can cooperate and exchange information, and they are managed centrally by the control center. The packet capture module listens for and captures raw packets on the network and filters them according to the filtering requirements. The protocol decoding module decodes raw packets according to the protocol tree structure, so that the preprocessing module and the detection analysis module can perform intrusion analysis. The preprocessing module preprocesses the resulting packets: on the one hand this can reveal intrusion information targeting the data link layer, and on the other hand it makes the final preparation for the detection analysis module. The rule parsing module parses the contents of the rule file and loads the rules into memory to form rule chains. The detection analysis module compares the data submitted by the preprocessing module against the rules in the rule base using an improved BM algorithm, and thereby determines whether an intrusion has occurred.

Experiments show that the system runs stably in a network environment and can quickly detect intrusions against wireless networks. The system needs its rule base to be updated continually in order to detect new attacks; new attack behavior that is not in the rule base cannot be detected.
