基于SNMP的网络安全入侵检测系统设计.docVIP

中南大学 本科生毕业论文（设计） 题 目 基于SNMP的网络安全入侵检测系统设计 学生姓名 管义成 指导教师 朱桂莲 康松林 学 院 信息科学与工程学院 专业班级 通信工程0303 完成时间 2007.05.31 摘 要 入侵检测是检测和响应计算机误用的学科，其作用包括威慑、检测、响应、损失情况评估、攻击预测和起诉支持。/网络以发现入侵攻击行为的安全技术。本文在分析了目前常用的入侵检测方法和网络入侵攻击手段的基础上，提出了一种基于SNMP的网络安全入侵检测系统设计方案。此方案主要是通过读取和分析管理信息库(MIB)中的网络连接信息，针对网络入侵和攻击的特点，对网络进行监测。 该安全策略能从TCP/IP 协议集的数据链路层、网络层、传输层对网络安全进行多层次监控。系统按照六个模块来实现对网络进行入侵检测，分别为源IP地址欺骗检测、非法TCP连接检测、非法检测、非法检测、非法端口使用检测和攻击检测。根据其收集MIB库中不同组的管理对象信息，经过对该信息分析后对网络进行入侵检测ABSTRACT IDS is the detection and response to the misuse of computer science, including its role in deterrence, detection, response, loss assessment, attack and prosecution support. The invasion examination system is a sort of safety technology which detects the invasion attack through monitoring system or network real-timely. This article analyzes the present common invasion examination method and the method of Net Hacking attacks, and design an invasion examination system based on the SNMP network management. This method monitors the network through reading and analyzing networks connection information in the Management Information Base (MIB) contradistinguishing the networks invasion and attack characteristic. This secure strategy can make a multi-level monitor in the data link layer, network layer,transmission layer and Application layer during the agreement sets of TCP/IP. This System can make the network invasion detection following six modules, such as respectively Original IP addresses deception detection, detection of illegal TCP connections, detection of illegal SNMP operations , IP address detection of illegal, illicit use of TCP and UDP ports Detection and immediate cost DOS attack detection. It collect the managing information from the different items of MIB group under its OID address, and make the invasion testing in the network by the analysis of the information. KEY WORDS computer network, Intrusion Detection System，snmp目录 摘 要 I ABSTRACT II 第一章 绪论 1 1.1 课题研究背景及国内外研究现状 1 1.1.1 课题研究背景 1 1.1.2 课题国