校园网入侵检测系统平台的设计与实现

发布时间：2018-04-12 10:56

本文选题：网络安全 + 模式匹配　；参考：《电子科技大学》2014年硕士论文

【摘要】：随着计算机网络技术的发展和互联网的广泛应用,其中电子商务的许多新概念的应用、家庭信息和军事信息战等新领域发展尤为突出,其安全问题日益突出,现在的计算机系统现是盘大而复杂的,应用软件也日趋复杂,系统的安全漏洞不可避免的,尤其是在计算机系统安全和网络安全的研究和发展滞后,各种攻击手段不断出现,再加上人们的防范意识淡薄,现状堪忧。因此,一般的入侵预防技术已经难以保证计算机系统的安全,还需要一种新的技术,能及时发现未经授权的行为,并做出相应处理,这就是入侵检测技术。本文对湖南商学院北津学院校园网的网络结构进行了深入的分析,以此为基础,设计一个基于模式匹配和协议分析的入侵检测系统,从以下几个方面开展研究工作:(1)研究检测原理,提出一种应用于校园网运行环境的,运用协议分析和模式匹配技术的入侵检测系统框架,并对各重要模块进行深入研究。(2)数据捕获模块是入侵检测系统检测数据的来源,对系统性能有着重要影响,通过深入分析,在原有的捕获机制下,提出改进方案,即使用网络设备在Linux系统内核中实现中断缓和的接口技术以及内存映射技术来提高捕获效率,实验表明,捕获效率有明显提升。(3)在入侵检测模块的设计上,协议分析和模式匹配技术使得系统性能比传统的入侵检测系统有所提高。在字符串匹配算法中对BM算法进行了改进,显著提高入侵检测系统的检测效率。通过系统性能测试实验和在实际教学网中的运行,测试了入侵检测系统的功能,并对检测结果进行汇总分析,说明了本文设计的系统可以为学院校园网络的安全提供更有力的保障。
[Abstract]:With the development of the computer network technology and the wide application of the Internet, the application of many new concepts of electronic commerce, the development of new fields such as family information and military information warfare are particularly prominent, and the security problems are becoming more and more prominent.Now the computer system is large and complex, the application software is becoming more and more complex, the security vulnerability of the system is inevitable, especially when the research and development of the computer system security and the network security lag behind, all kinds of attack means appear constantly.In addition, people's awareness of prevention is weak, the status quo is worrying.Therefore, it is difficult for the general intrusion prevention technology to guarantee the security of computer system, and a new technology is needed, which can detect and deal with the unauthorized behavior in time, which is called intrusion detection technology.In this paper, the network structure of the campus network of Beijin University of Hunan Business School is deeply analyzed. Based on this, an intrusion detection system based on pattern matching and protocol analysis is designed.From the following several aspects of research work: 1) to study the principle of detection, put forward a framework of intrusion detection system, which is applied to the running environment of campus network, using protocol analysis and pattern matching technology.The data capture module is the source of intrusion detection system detection data, which has an important impact on the system performance. Through in-depth analysis, under the original capture mechanism, the improved scheme is put forward.That is, using network devices to implement interrupt mitigation interface technology and memory mapping technology in the kernel of Linux system to improve the capture efficiency. The experiment shows that the capture efficiency has a significant improvement in the design of intrusion detection module.Protocol analysis and pattern matching make the system performance better than the traditional intrusion detection system.In order to improve the detection efficiency of intrusion detection system, BM algorithm is improved in string matching algorithm.The function of the intrusion detection system is tested through the system performance test experiment and the operation in the actual teaching network, and the test results are summarized and analyzed.It shows that the system designed in this paper can provide a more effective guarantee for the security of college campus network.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP393.18

【参考文献】