
Research and Implementation of Key Technologies in Distributed Intrusion Detection Systems

Published: 2019-01-27 13:03
[Abstract]: As the Internet has risen to the level of national strategy, network and computer technology has developed rapidly, the Internet has reached every aspect of life and work, and information security faces unprecedented threats. Because Internet-based applications and data are mostly deployed in a distributed fashion across different networks and regions, the intrusions they face are more distributed and more complex, which places higher demands on intrusion detection and on distributed intrusion detection in particular. This thesis analyses the key technologies of intrusion detection and distributed intrusion detection systems, improves the aspects that cannot meet current intrusion detection requirements, and, building on that analysis and improvement work, designs and implements a distributed intrusion detection system. The analysis work consists of: (1) an analysis of distributed intrusion detection systems and their various architectures, which serves as the reference basis for the structural design of the system presented later; (2) an analysis of two key components of distributed intrusion detection, the BEEP-based communication protocol and the IDMEF information exchange format: the BEEP analysis provides the technical support for designing and implementing the BEEP communication component of the system, and the IDMEF analysis identifies its shortcomings, which is the basis for the improvement and innovation work of this thesis; (3) an in-depth analysis of the multi-pattern matching algorithms commonly used in misuse-based intrusion detection, with an experimental comparison of their performance, which provides a theoretical and experimental basis for improving intrusion detection performance in the future. The improvements and innovations are: (1) based on the IDMEF analysis, the identified shortcomings are addressed by designing a new version of the format, IDMEFNew; in view of the new requirements and trends of data exchange in current Internet applications, a scheme that replaces XML with JSON is proposed and designed; (2) to handle the transmission of large volumes of data and to prepare for future data exchange with the Hadoop big-data platform, so that the system can use big-data techniques for intrusion detection analysis, an Avro-based IDMEFNew encoding component is designed and implemented. Based on the preceding analysis and experimental work, a distributed intrusion detection system is designed and implemented. Its detection part is built on Snort, the open-source misuse-based intrusion detection system. Architecturally it follows the agent-based distributed approach: the detection components are made independent and an independently running node manager is added. Communication between components uses the BEEP protocol, and the data exchange format uses the Avro IDMEFNew encoding component that this thesis designed and implemented from its improvements to IDMEF.
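As an added example (not code from the thesis, whose IDMEFNew schema is not reproduced here), the XML-to-JSON step can be shown on a minimal constructed IDMEF (RFC 4765) alert: the converter below turns an IDMEF-Message into compact JSON, keeping attributes and child elements as keys. The sensor name, addresses, classification text and the conversion rules are assumptions made for this example.

```python
import json
import xml.etree.ElementTree as ET

# Constructed minimal IDMEF (RFC 4765) alert of the kind a Snort sensor
# would hand to a manager; all values are sample data, not real traffic.
IDMEF_XML = """<IDMEF-Message version="1.0" xmlns="http://iana.org/idmef">
  <Alert messageid="sample-0001">
    <Analyzer analyzerid="sensor-dmz-01" model="Snort"/>
    <CreateTime>2017-03-01T10:01:25Z</CreateTime>
    <Source><Node><Address category="ipv4-addr">
      <address>192.0.2.50</address></Address></Node></Source>
    <Target><Node><Address category="ipv4-addr">
      <address>198.51.100.7</address></Address></Node>
      <Service><port>80</port><protocol>tcp</protocol></Service></Target>
    <Classification text="WEB-ATTACKS sample rule"/>
  </Alert>
</IDMEF-Message>"""

def _local(tag):
    """Drop the IDMEF namespace so keys are the plain element names."""
    return tag.rsplit("}", 1)[-1]

def element_to_dict(elem):
    """Attributes become keys, children nest by name, repeats become lists, text leaves become strings."""
    node = dict(elem.attrib)          # xmlns declarations are not in attrib
    children = list(elem)
    if not children:
        text = (elem.text or "").strip()
        if not node:
            return text
        return {**node, "value": text} if text else node
    for child in children:
        key, value = _local(child.tag), element_to_dict(child)
        if key in node:               # e.g. several Target elements in one Alert
            node[key] = node[key] + [value] if isinstance(node[key], list) else [node[key], value]
        else:
            node[key] = value
    return node

def idmef_to_dict(xml_text):
    root = ET.fromstring(xml_text)
    return {_local(root.tag): element_to_dict(root)}

def idmef_to_json(xml_text):
    """Compact JSON rendering of the alert (no whitespace, as sent on the wire)."""
    return json.dumps(idmef_to_dict(xml_text), separators=(",", ":"))

def size_ratio(xml_text):
    """Bytes of compact JSON relative to the XML it came from."""
    return len(idmef_to_json(xml_text)) / len(xml_text)
```

Run `idmef_to_json(IDMEF_XML)` to see the JSON form and `size_ratio(IDMEF_XML)` for the byte saving on this sample; a real IDMEFNew encoder would additionally fix the field types (ports as integers, timestamps as epoch values) that this generic conversion leaves as strings.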
[Degree-granting institution]: University of Electronic Science and Technology of China (电子科技大学)
[Degree level]: Master's
[Year of degree]: 2017
[Classification number]: TP393.08

Document number: 2416285


Link to this document: https://www.wllwen.com/guanlilunwen/ydhl/2416285.html

