个人入侵检测系统的实现(有源程序代码)精要.docVIP

个人入侵检测系统的实现(有源程序代码) 关键词:网络安全;入侵检测;数据包捕获;PIDS Implementation of Personal Intrusion Detection System Abstract The Intrusion Detection System IDS can detect the system or the network resources on the real-time, discover the intruder who intends to enter into a system or a network without warrant in time and prevent users from wrong operation. Based on the basic theory of the intrusion detection and the core technology of intrusion detection, a way of the realization of a simple Personal Intrusion Detection System PIDS, which based on Windows platform, is well researched. The current security status of the network is analyzed firstly, and then the history of intrusion detection technology and the current core theory of the intrusion detection system are introduced. At last, the network architecture on Windows as well as the structure of capturing and filtering data packets by Winpcap, a tool on development is introduced. After that, the system is realized under the Winpcap system environment. The abnormal detection technology is used in the system. After catching data packets with Winpcap in real-time, extracting probabilistic information about events from the intercepted IP packets and sending them to the intrusion detection module, information is analyzed by method of quantitative analysis. In actual system testing, the system shows a good ability on detecting the quantitative characteristics of network intrusion. Finally, the existed problems and our suggestion during this stage is summed up and according to the function of the system, the proposition is given about the future direction. Keywords: Network security, Intrusion detection, Package catching, PIDS 目 录 论文总页数:24页 1 引言 1 1.1 网络安全概述 1 1.1.1 网络安全问题的产生 1 1.1.2 网络信息系统面临的安全威胁 1 1.1.3 对网络个人主机的攻击 2 1.2 入侵检测技术及其历史 3 1.2.1 入侵检测(IDS)概念 3 1.2.2 入侵检测系统的分类 4 1.2.3 入侵检测模型 5 1.2.4 入侵检测过程分析 6 1.2.5 入侵检测的发展历史 6 1.3 个人入侵检测系统的定义 7 1.4 系统研究的意义和方法 7 2 个人入侵检测系统的设计 7 2.1 数据包捕获模块 7 2.2 数据解析模块 11 2.3 数据分析