
Research and Design of an Intrusion Detection System for Metropolitan Area Networks

The Research and Design of Intrusion Detection System for WAN

【Author】 Zheng Rufeng (郑汝锋)

【Supervisor】 Sun Qiubai (孙秋柏)

【Author information】 University of Science and Technology Liaoning, Computer Technology, 2008, Master's thesis

【Abstract】 With the deepening application of computer and network technology in all aspects of social life, the security of computer network systems has become a hot topic in computer science research. As network technology develops and attackers' techniques improve, a firewall alone can no longer meet security needs: it cannot control the behaviour of internal network users or of intruders who have already passed through the firewall. Multi-faceted, multi-form measures are therefore needed to guarantee network security. Among current network security technologies, the intrusion detection system (IDS) is without doubt one of the hottest. Intrusion detection technology can detect intrusions or intrusion attempts against a given system and respond in real time. This thesis presents research on the implementation of an intrusion detection system for metropolitan area networks (MANs). Switches, routers and other network devices are the key components of a MAN, and many network outages are related to these devices. Routers in particular, as the core devices of the internet, are the front line of network security. The MAN intrusion detection system is an IDS designed specifically to strengthen the security of the core part of a MAN. The MAN IDS designed in this thesis consists of six modules: a network packet capture module, a data processing module, a classifier, an analysis module, an intrusion rule base module, and an intrusion response and control module. The packet capture and processing modules obtain the network traffic flowing through the MAN, including all interaction data of all protocol ports and all subnet hosts; they combine sniffer and NetFlow techniques, use Linux as the development platform and Perl as the development language, and preprocess the collected network data into NetFlow format. The analysis module periodically analyses the generated NetFlow data files and automatically produces reports, mainly on the traffic of each IP address in the MAN and the traffic of each application type. A new detection engine was designed for the IDS; its detection rules use a format compatible with Snort rules, and pattern searching uses the Boyer-Moore fast string search algorithm. On the basis of an analysis and summary of common blocking techniques and IDS deployment methods, the thesis then describes the design principles and deployment of a blocking module for a campus network, achieving an organic integration of the intrusion detection system with the firewall system.
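The abstract describes two technical pieces: an analysis module that turns NetFlow records into per-IP and per-application traffic reports, and a detection engine that matches Snort-compatible content rules with the Boyer-Moore algorithm. The following is an added example written for this page, not code from the thesis; it uses the Boyer-Moore-Horspool simplification (bad-character shifts only), a simplified Snort-like rule shape (sid, message, content bytes), a constructed set of NetFlow-like tuples, and a constructed port-to-application mapping, all of which are assumptions rather than anything the thesis specifies.

```python
"""Added example (not code from the thesis): a minimal MAN-IDS analysis and
detection core -- per-IP / per-application traffic reports over constructed
NetFlow-like records, and Snort-style 'content' rules matched against packet
payloads with the Boyer-Moore-Horspool search."""
from collections import defaultdict

# Constructed rule set in a simplified Snort-like shape: (sid, msg, content).
RULES = [
    (1000001, "suspicious shell path in payload", b"/bin/sh"),
    (1000002, "known scanner user agent", b"User-Agent: evil-scanner"),
]

# Constructed NetFlow-like records: (src_ip, dst_ip, proto, dst_port, bytes).
FLOWS = [
    ("10.0.0.5", "198.51.100.7", 6, 80, 1500),
    ("10.0.0.5", "198.51.100.7", 6, 443, 2200),
    ("10.0.0.9", "192.0.2.10", 17, 53, 120),
    ("10.0.0.9", "198.51.100.7", 6, 8080, 640),
]

# Assumed port-to-application mapping for the application-type report.
APP_BY_PORT = {80: "http", 443: "https", 53: "dns"}


def build_shift_table(pattern: bytes) -> dict:
    """Bad-character shift table: for each byte in the pattern except the last,
    how far the window may jump when that byte ends the current window."""
    m = len(pattern)
    return {c: m - 1 - i for i, c in enumerate(pattern[:-1])}


def bm_search(text: bytes, pattern: bytes, table: dict = None) -> int:
    """Return the offset of the first occurrence of pattern in text, or -1.
    Compares from the right end of the window and skips using the shift table."""
    m, n = len(pattern), len(text)
    if m == 0:
        return 0
    if table is None:
        table = build_shift_table(pattern)
    i = 0
    while i <= n - m:
        j = m - 1
        while j >= 0 and text[i + j] == pattern[j]:
            j -= 1
        if j < 0:
            return i
        # Shift by the last byte of the window; bytes absent from the
        # pattern (or only its last byte) allow a full-length jump.
        i += table.get(text[i + m - 1], m)
    return -1


# Shift tables are built once per rule, not once per packet.
COMPILED_RULES = [(sid, msg, pat, build_shift_table(pat)) for sid, msg, pat in RULES]


def scan_payload(payload: bytes) -> list:
    """Run every compiled rule over one payload; return (sid, msg, offset) hits."""
    hits = []
    for sid, msg, pat, table in COMPILED_RULES:
        off = bm_search(payload, pat, table)
        if off >= 0:
            hits.append((sid, msg, off))
    return hits


def traffic_by_ip(flows) -> dict:
    """Bytes sent per source IP address (the per-IP report of the analysis module)."""
    totals = defaultdict(int)
    for src, _dst, _proto, _port, nbytes in flows:
        totals[src] += nbytes
    return dict(totals)


def traffic_by_app(flows) -> dict:
    """Bytes per application type, classified by destination port."""
    totals = defaultdict(int)
    for _src, _dst, _proto, port, nbytes in flows:
        totals[APP_BY_PORT.get(port, "other")] += nbytes
    return dict(totals)


if __name__ == "__main__":
    print("per-IP report:", traffic_by_ip(FLOWS))
    print("per-application report:", traffic_by_app(FLOWS))
    sample = b"GET / HTTP/1.1\r\nUser-Agent: evil-scanner\r\n\r\n"
    print("alerts:", scan_payload(sample))
```

Precomputing the shift table per rule is what makes the Boyer-Moore family attractive for an IDS: the per-packet cost is dominated by the right-to-left compare loop, and long patterns skip most of the payload. The real Snort rule language carries far more (headers, modifiers such as `nocase` and `depth`); the example deliberately keeps only the `content` part.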

  • 【Classification number】TP393.08
  • 【Downloads】77