《——网络入侵检测系统(Snort)研究 (1)》-毕业论文.doc

PAGE 本科毕业论文 本科毕业论文 二 〇 一 一 年 五 月 摘 要 互联网络的蓬勃发展给人们的工作生活带来极大的便利，然而，随着现代化网络应用的普及，伴随而来的网络不安全因素也给网络信息安全带来了严峻挑战，传统的网络安全技术已经很难对付这些日益严重的安全威胁，所以我们就有必要去开发专门的工具去避免这些不安全因素的攻击，而入侵检测技术便可以作为一种很重要的技术为我们所用。 入侵检测是网络安全领域中一个较新的课题，检测引擎作为入侵检测系统的核心模块，其检测速度快慢直接影响网络入侵检测系统的效率，模式匹配是入侵检测系统的重要检测方法，其性能对入侵检测系统至关重要。入侵检测系统按照数据分析模式来分，可以分为异常入侵检测和误用入侵检测，对于当前基于模式匹配的误用入侵检测系统来说，入侵检测的检测效率主要体现在模式匹配的速度，好的模式匹配算法是提高入侵检测速度的关键所在。 本论文首先介绍研究了网络入侵检测的概况，然后深入的研究了snort的详细信息，包括其特点，结构和其检测流程等，论文较重点的配置了snort在windows下的工作环境，做了简单的实验，来展现snort的DOS下的工作过程和与php，acid等可图形显示下的数据浏览与操作。 关键词：网络安全；snort；入侵检测；模式匹配  ABSTRACT The rapid development of the Internet brings great convenience to peoples work and live but as the popularity of modern network ,the network attendant insecurity also brings to the information security challenges ,the traditional network security technology has difficulty to deal with these increasingly serious security threat ,so it is necessary to develop special tools to avoid the insecurity of the attack ,and intrusion detection technologies can be a very important technology work for us． Network security intrusion detection is a relatively new subject ,The engine of testing is the core module of the Intrusion Detection System ,and the detection rate of speed directly affects the efficiency of network intrusion detection systems .Pattern matching intrusion detection system is an important detection method and the performance of intrusion detection system is essential． This paper first introduces the study the general network intrusion detection，Then a snort of thorough research information, including its characteristics, structure and the detection process, and so on,The paper is the focus of the configuration snort under Windows work environment, to a simple experiment,To show the work under the DOS snort with PHP, process and acid, under the graphic display data browsing with operation. KEY WORDS: Network security;Snort;Intrusion detection ; Pattern matching  目 录 TOC \o 1-3 \h \u HYPERLINK \l _Toc296