毕业论文：基于协议异常的通用结构网络入侵检测器研究-.doc

第 PAGE 3 页 共 NUMPAGES 11 页 基于协议异常的通用结构网络入侵检测器研究 摘要 近年来，网络入侵事件屡屡发生，网络的安全性受到挑战，由此引发的安全问题层出不穷。针对这样的现状，网络安全领域的新技术不断出现。作为网络安全的重要手段之一，入侵检测技术始终是国内外网络安全技术研究的热点。一方面，长期的研究探索验证该技术具有很强的实用性；另一方面，持续的研究热度说明该技术还有很大发展潜力。特别针对目前大多数研究都是基于误用检测无法发现未知攻击等弊端，本文对异常检测技术进行了研究。选取了更具有实际应用价值的协议异常检测方法，并建立一个适合各类型协议的通用检测建模结构，利用有限自动状态机以及文本匹配实现了一个简单的网络入侵检测器。最终，通过测试和功能验证，说明该方法和结构的可行性和可用性，证明了研究的意义。 关键词：入侵检测； 协议异常； 通用结构 中图分类号：TP309.5 ① Research on Universal Structure Network Intrusion Detector Based on Protocol Anomaly LI Pei （Information Center, Xi’an Institute of Post and Telecommunication, Xi’an 710049, China） Abstract The number of intrusion events on network is increasing rapidly recently, security of internet is being challenged; the problems caused by these phenomenon emerge endlessly synchronous. Face the fact, new technologies in network security field are appeared continuously. Being an important way of network security, intrusion detection technology is all along the hot problem of world network security technique research. We can see that the practicability of intrusion detection is being proved by a period study; meantime we also know that its research are being deeper and deeper, so its implementation is not enough compared with its requirement. The existed systems are mostly based on misuse detection and can not detect unknown attack, so in this paper we research on anomaly detection, and use the more practical method called protocol anomaly detection, meantime built a universal structure that suit for many kinds of protocols. Finally complete a network intrusion detector using finite auto state machine and text matching. We also do some test to validate its function, show the feasibility and usability of this method and this structure, and prove the meaning of research. Keywords: Intrusion Detection；Protocol Anomaly； Universal Structure 引言 现今，随着网络技术的不断发展和广泛应用，网络已成为社会各个领域信息共享与交换的重要平台，从空间上与时间上拉近了人们之间的距离，极大程度上改变了整个社会的行为方式和面貌。然而，我们除了看到网络技术无限的发展潜力和空间，更要意识到网络发展与推广存在着严重障碍，主要是大量的安全隐患和恶意攻击。所