
Research on a Linux-based Network Intrusion Detection System

NIDS Design Based on Linux

【Author】 Chen Li

【Supervisor】 Xiong Wenlong

【Author information】 Wuhan University of Technology, Computer Application Technology, 2004, Master's thesis

【Abstract (translated from the Chinese)】 With the rapid development of computer information technology and network technology, the security situation of information and networks has become increasingly severe and complex. Computer security incidents occur constantly, and how to take comprehensive measures in technology, management and law to safeguard information and network security has become a common goal of computer security personnel in every country. The main computer network security technologies are authentication and authorization, data encryption, access control and security auditing. Intrusion detection is one of the core technologies of security auditing and an important component of network security protection.

This thesis first introduces the origin and history of network intrusion detection systems (IDS) and explains in detail several attacks common on today's networks and the principles behind them. On this basis it discusses the design principles of intrusion detection systems and the design of a NIDS under the Linux operating system (with Red Hat 9.0 as the main design platform). The purpose of an IDS is to safeguard the security of the monitored computer systems and network: according to its configuration it promptly detects and reports unauthorized or abnormal activity, making it a technique for detecting violations of security policy in a computer network. Since Denning introduced the concept of the intrusion detection system in the 1980s, IDS has developed rapidly over more than twenty years; many system design models have been proposed and many relatively mature commercial products have appeared. The thesis describes the principles and concrete methods of several currently common attacks, such as buffer overflows, denial-of-service attacks and IP spoofing, and, taking into account the data source, the event database, the design platform and other factors, proposes a detailed architectural design for a Linux-based network intrusion detection system. Finally it analyzes the current state and limitations of network intrusion detection research and, in view of the trends and characteristics of network development, several directions in which intrusion detection systems will develop.

Network security problems have existed since networks came into being: because some factors were not fully considered in the original design of networks, more and more security problems have emerged as networks have developed. Although administrators have taken a series of measures to reduce security problems, such as upgrading operating systems to close certain system vulnerabilities and deploying firewalls in various network environments, many hidden dangers remain. In particular, abuse and misuse by insiders render firewalls and similar security tools largely ineffective, and intrusion detection systems are an effective means of addressing these dangers. If encryption and firewalls are static defensive measures, intrusion detection is a security defense that responds dynamically to changes in the current state of the network.

【Abstract】 With the development of computer science and network technology, the security of information and networks faces increasingly rigorous circumstances. Since various computer security incidents have occurred, it has become a common goal of computer administrators around the world to take steps in technology, management and law to keep the information and security of computers from being compromised. Computer security technology mainly includes authentication, encryption, access control, auditing and so on. Intrusion detection technology is one of the core technologies of auditing and an important part of network security protection. In this thesis, the origin and development of intrusion detection technologies are introduced, and the elements and principles of some attacks popular on today's networks are analyzed in detail. On that basis, the design theory of a NIDS is explored and a design for a NIDS based on Linux (with the IDS developed on Red Hat 9.0) is given. The purpose of the IDS is to safeguard the security of the monitored computers and network. IDS is one of the technologies used to detect behaviour that violates security policy in a computer network, and it can find and report unauthenticated or abnormal phenomena. Since Denning put forward the concept of IDS in the 1980s, IDS has developed at a very fast pace over more than twenty years, many system design models have been brought forward, and many commercial products have appeared. In this thesis, the elements and principles of some attacks popular on today's networks, such as buffer overflow, DoS and IP spoofing, are analyzed in detail, and a particular structural design for a NIDS based on Linux is discussed in terms of data source, event database and design platform.
At the end of the thesis, the circumstances and limitations of IDS research and the features of computer networks are discussed, and the future development directions of IDS are put forward. The problems of computer network security came into being with the appearance of the computer network, and with the development of networks more and more problems have emerged. Although network administrators have taken some steps to resolve them, such as updating the operating system to close system holes and setting up firewalls, many hidden security troubles remain, such as those caused by misuse by insiders, which can render firewalls and similar tools useless. In this regard, IDS is a valid means of resolving these hidden troubles. On the understanding that encryption techniques and firewalls are static protection measures, IDS is a dynamic protection measure which changes with the state of the network.
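As an added example that is not part of the thesis or of this record: a miniature of the NIDS pipeline the abstract describes, a packet data source feeding signature and threshold detectors whose alerts are written to an event database, exercising the three attack classes the abstract names (IP spoofing, buffer overflow, denial of service). The monitored network 10.0.0.0/8, the interface labels, the thresholds, the NOP-sled signature and the sample traffic are all assumptions made for the demo, not the thesis's design.

```python
"""Miniature signature/threshold NIDS: data source -> detectors -> event database.

Added illustration only; the network, thresholds and signatures below are
assumptions for the demo, not the design described in the thesis.
"""
import ipaddress
import sqlite3
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed monitored network and the source ranges that must never arrive on the
# Internet-facing interface (the ingress-filtering idea used against IP spoofing).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
BOGON_NETS = [INTERNAL_NET] + [ipaddress.ip_network(n) for n in
                               ("172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SYN_THRESHOLD = 5          # bare SYNs from one (src, dst) pair ...
SYN_WINDOW = 1.0           # ... within this many seconds => SYN flood (DoS)
NOP_SLED = b"\x90" * 16    # x86 NOP sled, a classic stack-smash payload marker


@dataclass(frozen=True)
class Packet:
    """Decoded packet as the data source would hand it to the detection engine."""
    ts: float
    iface: str            # "ext" (Internet-facing) or "int"
    src: str
    dst: str
    dport: int
    flags: str            # TCP flags, e.g. "S", "SA", "PA"
    payload: bytes = b""


def detect_spoof(pkt):
    """IP spoofing: an internal or non-routable source seen on the external interface."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "ext" and any(src in net for net in BOGON_NETS):
        return ("IP_SPOOF", f"source {pkt.src} arrived on external interface")
    return None


def detect_overflow(pkt):
    """Buffer overflow: a NOP sled in the payload (content signature)."""
    if NOP_SLED in pkt.payload:
        return ("BUFFER_OVERFLOW",
                f"NOP sled in {len(pkt.payload)}-byte payload to port {pkt.dport}")
    return None


class SynFloodDetector:
    """DoS: too many bare SYNs from one source to one host inside a sliding window."""

    def __init__(self, threshold=SYN_THRESHOLD, window=SYN_WINDOW):
        self.threshold, self.window = threshold, window
        self.syns = defaultdict(deque)   # (src, dst) -> timestamps of bare SYNs
        self.alerted = set()             # alert once per pair, not once per packet

    def feed(self, pkt):
        if pkt.flags != "S":
            return None
        key = (pkt.src, pkt.dst)
        q = self.syns[key]
        q.append(pkt.ts)
        while q and pkt.ts - q[0] > self.window:   # evict SYNs outside the window
            q.popleft()
        if len(q) >= self.threshold and key not in self.alerted:
            self.alerted.add(key)
            return ("SYN_FLOOD",
                    f"{len(q)} bare SYNs from {pkt.src} to {pkt.dst} within {self.window}s")
        return None


def open_event_db(path=":memory:"):
    """Event database: alerts are persisted so they can be queried after the fact."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS events "
                 "(ts REAL, src TEXT, dst TEXT, signature TEXT, detail TEXT)")
    return conn


def run_nids(packets, conn):
    """Run every packet through all detectors; store and return the alerts raised."""
    syn = SynFloodDetector()
    events = []
    for pkt in packets:
        for hit in (detect_spoof(pkt), detect_overflow(pkt), syn.feed(pkt)):
            if hit is not None:
                row = (pkt.ts, pkt.src, pkt.dst, hit[0], hit[1])
                conn.execute("INSERT INTO events VALUES (?, ?, ?, ?, ?)", row)
                events.append(row)
    conn.commit()
    return events


def count_by_signature(conn):
    """Summary query over the event database: alerts per signature."""
    return dict(conn.execute("SELECT signature, COUNT(*) FROM events GROUP BY signature"))


# Constructed sample traffic (not a real capture): a benign HTTP handshake, one
# packet with a spoofed internal source, an FTP login carrying a NOP sled, then
# a burst of six bare SYNs from a single source.
SAMPLE_PACKETS = [
    Packet(0.00, "ext", "203.0.113.5", "10.0.0.20", 80, "S"),
    Packet(0.01, "int", "10.0.0.20", "203.0.113.5", 51000, "SA"),
    Packet(0.02, "ext", "203.0.113.5", "10.0.0.20", 80, "PA", b"GET / HTTP/1.0\r\n\r\n"),
    Packet(0.50, "ext", "10.0.0.99", "10.0.0.20", 22, "S"),
    Packet(1.00, "ext", "198.51.100.7", "10.0.0.20", 21, "PA",
           b"USER " + b"A" * 200 + NOP_SLED + b"\xcc" * 8),
] + [Packet(2.0 + i * 0.05, "ext", "198.51.100.9", "10.0.0.20", 80, "S") for i in range(6)]


if __name__ == "__main__":
    db = open_event_db()
    for ts, src, dst, sig, detail in run_nids(SAMPLE_PACKETS, db):
        print(f"{ts:6.2f} {sig:16} {src} -> {dst}: {detail}")
    print(count_by_signature(db))
```

The three detectors illustrate the two detection styles the thesis contrasts with firewalls: the spoofing and overflow checks are stateless per-packet rules, while the SYN-flood detector keeps state across packets and fires on a rate, which is what lets it react to the changing state of the network rather than to a fixed policy. Alerting once per (source, destination) pair keeps a flood from flooding the event database as well.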

【Key words】 Intrusion Detection; Linux; Computer Security
  • 【Classification code】 TP393.08
  • 【Cited by】 5
  • 【Downloads】 395