
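Design and Development of a Network Intrusion Detection System Based on WinPcap

Published: 2018-05-12 23:16

Topics: intrusion detection + ACBM; Reference: Tianjin University, 2014 master's thesis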


[Abstract]: In a computer defense architecture the firewall is the primary line of defense, and intrusion detection is an important defensive technology second only to the firewall, providing real-time monitoring and detection when a system is intruded upon. An intrusion detection system can promptly discover that a computer is under attack and then immediately use software to stop the attack and intrusion; when damage is occurring, it promptly issues instructions to the software to prevent unnecessary loss. Once handling is complete, the type of attack is analyzed and added to the information base so that the same attack does not succeed again. As networks continue to develop, intrusion techniques keep improving, and detection technology needs stronger countermeasures to meet this challenge. Building on existing intrusion detection technology in China and abroad, this thesis examines the current state of network security problems, how network intrusions are carried out, and why security protection is needed, and it also explains what anti-intrusion software does and how to use it. Most current detection systems, such as Snort, are built on Linux. The author therefore developed an intrusion detection system for the Windows platform based on the WinPcap development kit, broadening the range of use and the user base of security products. After analyzing and comparing various pattern matching algorithms, the thesis selects the higher-performance ACBM algorithm to implement the matching module, which gives the system high efficiency. The system is mainly intended for the research, design and maintenance of the network security system of Liaoning Petrochemical Vocational and Technical College, ensuring that the system runs safely and stably under simultaneous access by many users and under heavy traffic, and that it effectively prevents intrusion by hackers.
[Degree-granting institution]: Tianjin University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08




Article No.: 1880581


Link to this article: https://www.wllwen.com/guanlilunwen/ydhl/1880581.html

