基于Linux的计算机网络中入侵检测和防火墙联动系统的研究和实现

发布时间：2018-04-01 13:19

本文选题：网络安全　切入点：snort入侵检测　出处：《东北大学》2014年硕士论文

【摘要】：随着计算机网络的高速发展,网络安全问题变得越来越重要,网络攻击不断上升的复杂度和攻击种类的多样性使得保护计算机网络安全变得越来越吃力,为了提高防火墙系统保护网络安全的能力,研究入侵检测系统与防火墙系统的结合顺应而生,与此同时,Linux系统也因其开源性而常常作为研究的环境。入侵检测系统与防火墙的有效结合能够提升系统保护内部网络安全的能力。本文通过对入侵检测系统与防火墙系统功能与工作原理的详细研究,最终设计并实现了一个入侵检测与防火墙的联动系统。在本文中,作者详细介绍了入侵检测系统的功能和工作原理,包括其各个功能模块,工作流程,规则及规则匹配,并且提出一个改进的入侵检测匹配算法。然后阐述了防火墙的理论知识,包括防火墙的架构,各个部分的组成及其功能,数据包如何经过包过滤处理等。论文接着介绍了所提出的入侵检测与防火墙联动系统的需求分析,系统包括三个模块,分别是入侵检测模块,防火墙模块和中间联动模块。其中,中间联动模块包含三个组成部分,分别是配置文件,入侵检测日志分析器和防火墙规则修改器。联动模块通过对检测日志的分析,找出攻击源及其类型,相应修改防火墙的规则,从而实现对攻击的有效拦截。系统测试时,作者选取了两种常见的网络攻击类型,DOS和ping of death,实验结果显示,单独的入侵检测系统只能检测到攻击,防火墙只能静态拦截,联动系统可以有效的进行网络攻击的动态拦截。
[Abstract]:With the rapid development of computer network, the problem of network security becomes more and more important. The increasing complexity of network attacks and the variety of attacks make it more and more difficult to protect computer network security. In order to improve the ability of firewall system to protect network security, the combination of intrusion detection system and firewall system is studied. At the same time, Linux system is often used as a research environment because of its open source. The effective combination of intrusion detection system and firewall can enhance the ability of the system to protect the internal network security. A detailed study on the function and working principle of Firewall system, Finally, an intrusion detection and firewall linkage system is designed and implemented. In this paper, the author introduces the functions and working principles of the intrusion detection system in detail, including its function modules, workflow, rules and rules matching. And an improved intrusion detection matching algorithm is proposed. Then the theoretical knowledge of firewall is expounded, including the structure of firewall, the composition of each part and its functions. The paper then introduces the requirement analysis of the intrusion detection and firewall linkage system, which includes three modules, namely, intrusion detection module, intrusion detection module, and so on. The firewall module and the intermediate linkage module. Among them, the intermediate linkage module consists of three components, namely, configuration file, intrusion detection log analyzer and firewall rule modifier. Find out the source and type of attack, modify the rules of firewall accordingly, so as to realize the effective interception of attack. In the system test, the author selects two common types of network attack, such as ping of death.Experimental results show that, Single intrusion detection system can only detect attacks, firewall can only static interception, the linkage system can effectively intercept the dynamic network attacks.
【学位授予单位】：东北大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】