Research and Design of a Network Intrusion Detection System Based on Protocol Analysis

Published: 2018-05-05 11:32

  Topic: network security + intrusion detection; Reference: Anhui University of Science and Technology, 2014 master's thesis


[Abstract]: As computer network technology continues to develop, threats on the network keep increasing and are becoming more complex. How to keep network communication secure while enjoying the convenience and speed the network offers is receiving more and more attention.

To improve the security of networked systems, network intrusion detection systems have been increasingly accepted and adopted. After the development of recent years, the network intrusion detection system has become a very important part of the network security architecture. However, the high false positive rate and high false negative rate of intrusion detection systems have become the key problems restricting their development.

This thesis combines pattern matching, protocol analysis, expression analysis and related techniques and, based on network protocol analysis, proposes an improved system design that combines internal rules with external rules. For the external rules, a new signature description language is designed; it resembles a traditional programming language and is easy to understand and powerful. The introduction of internal rules enriches the logic of protocol analysis detection and makes it possible to detect complex, stateful attacks. Compared with existing systems, the network intrusion detection system under the new design has a more precise detection area and improved detection capability.

The main work of this thesis is as follows:

Expression parsing is integrated into the detection of external rules, which strengthens the logical expressiveness and detection capability of the external rules. Traditional pattern matching detection remains supported and is optimized with fast pattern matching and multi-pattern matching algorithms.

Alongside the external rules, a number of commonly used internal rules are defined in the system to detect relatively complex or stateful intrusion methods. In addition, the introduction of anomaly detection techniques such as stateful protocol analysis gives the improved network intrusion detection system some ability to detect unknown threats.

Use of multi-level buffers. The designed network intrusion detection system adopts a multi-level buffer structure, which lets the system deliver relatively stable performance in relatively high-speed network environments.
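[Degree-granting institution]: Anhui University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08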

Article ID: 1847528


Article link: https://www.wllwen.com/guanlilunwen/ydhl/1847528.html

