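Design and Implementation of an Adaptive Network Intrusion Prevention System
Published: 2018-03-26 13:13
Topic: firewall. Focus: intrusion detection. Source: University of Electronic Science and Technology of China, master's thesis, 2014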
[Abstract]: With the wide adoption of computers, and especially since the emergence of the Internet, people's work and lives have been greatly affected. Exchanging information over the Internet has become a mainstream trend in today's society, and the level of informatization has become an important indicator of a country's overall strength. At the same time, the development of computer networks and advances in communication technology have drawn ever more attention to the key issue of network security. A firewall can resist intrusions from outside the network, but it can do nothing about destructive behavior inside the network. An intrusion detection system can detect both intrusions from outside the network and attacks and destructive behavior inside it. However, an intrusion detection system is connected to the network in parallel and only detects: by the time it detects an intrusion or attack, the damage has often already been done, and it cannot stop the destructive behavior in time. Designing and implementing a network security system that both detects and defends is therefore very worthwhile. For these reasons, this work designs and implements an adaptive network intrusion prevention system that combines the functions of a firewall and an intrusion detection system. As is well known, an intrusion prevention system is connected in series in the network, so if its data-processing capacity is weak, network performance suffers greatly. We therefore propose an adaptive capability. The system learns autonomously in order to speed up data processing, in two respects. First, it automatically learns the rule-category information, and when it encounters a packet it automatically selects the rule category corresponding to that data, which greatly increases the system's data-processing capacity. Second, it uses a delayed-cancellation mechanism: if a sender's behavior is judged to be an intrusion or an attack, all of that sender's activity is first isolated and given an expiration time, and when that time is reached the isolation is lifted. This approach keeps the network stable even when it is fairly congested. Finally, after implementing the system, we carried out functional verification. The results show that, compared with an ordinary intrusion prevention system, the system designed here is clearly improved in both functionality and data-processing capacity.
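The two mechanisms the abstract describes, selecting only the rule category that corresponds to a packet and isolating a sender until an expiration time, shown together as an added Python example; it is not code from the thesis. The category key (protocol, destination port), the sample rules, the addresses, and the names `AdaptiveFilter` and `demo` are assumptions constructed for illustration.

```python
import time

# Constructed sample rules: (protocol, destination port, predicate on the packet).
RULES = [
    ("tcp", 80, lambda p: b"../" in p["payload"]),
    ("tcp", 80, lambda p: len(p["payload"]) > 8192),
    ("udp", 53, lambda p: len(p["payload"]) > 512),
]

class AdaptiveFilter:
    def __init__(self, rules, quarantine_seconds, clock=time.monotonic):
        self.by_category = {}               # (proto, dport) -> predicates
        for proto, dport, pred in rules:
            self.by_category.setdefault((proto, dport), []).append(pred)
        self.ttl = quarantine_seconds
        self.clock = clock                  # injectable so the expiry can be tested
        self.quarantine = {}                # sender -> time the isolation ends
        self.rules_evaluated = 0

    def _isolated(self, sender):
        expiry = self.quarantine.get(sender)
        if expiry is None:
            return False
        if self.clock() >= expiry:          # time is up: lift the isolation
            del self.quarantine[sender]
            return False
        return True

    def handle(self, pkt):
        if self._isolated(pkt["src"]):      # all traffic from the sender is held back
            return "drop-quarantined"
        category = (pkt["proto"], pkt["dport"])
        for pred in self.by_category.get(category, ()):  # only this category's rules
            self.rules_evaluated += 1
            if pred(pkt):
                self.quarantine[pkt["src"]] = self.clock() + self.ttl
                return "drop-matched"
        return "forward"

def demo():
    now = [0.0]                             # fake clock, advanced by hand
    f = AdaptiveFilter(RULES, quarantine_seconds=60, clock=lambda: now[0])
    bad = {"src": "192.0.2.7", "proto": "tcp", "dport": 80, "payload": b"GET /../x"}
    ok = {"src": "192.0.2.7", "proto": "udp", "dport": 53, "payload": b"query"}
    verdicts = [f.handle(bad), f.handle(ok)]   # match, then isolated sender
    now[0] = 61.0
    verdicts.append(f.handle(ok))              # expiry passed: isolation lifted
    return verdicts, f.rules_evaluated
```

Because isolated senders are dropped before any rule runs and other packets are checked against one category only, `rules_evaluated` stays well below packets times rules, which is the throughput concern the abstract raises for an inline device.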
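[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08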
Article ID: 1667996
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1667996.html