个人入侵检测系统的实现(有源程序代码).docVIP

WORD格式可编辑 专业知识整理分享 个人入侵检测系统的实现(有源程序代码) 源程序代码等全套设计联系 174320523 各专业都有 分类号:TP393 U D C:D10621-408-2007 5862-0 密 级:公 开 编 号:20038031288 成都信息工程学院 学位论文 个人入侵检测系统的实现 论文作者姓名: 金国强 申请学位专业: 计算机科学与技术 申请学位类别: 工学学士 指导教师姓名(职称): 熊淑华(副教授) 论文提交日期: 2007年6月9日 个人入侵检测系统的实现 摘 要 入侵检测系统(IDS)可以对系统或网络资源进行实时检测,及时发现闯入系统或网络的入侵者,也可预防合法用户对资源的误操作。本论文从入侵检测的基本理论和入侵检测中的关键技术出发,主要研究了一个简单的基于网络的windows平台上的个人入侵检测系统的实现PIDS,Personal Intrusion Detection System。论文首先分析了当前网络的安全现状,介绍了入侵检测技术的历史以及当前入侵检测系统的关键理论。分析了Windows的网络体系结构以及开发工具Winpcap的数据包捕获和过滤的结构。最后在Winpcap系统环境下实现本系统设计。本系统采用异常检测技术,通过Winpcap截取实时数据包,同时从截获的IP包中提取出概述性事件信息并传送给入侵检测模块,采用量化分析的方法对信息进行分析。系统在实际测试中表明对于具有量化特性的网络入侵具有较好的检测能力。最后归纳出系统现阶段存在的问题和改进意见,并根据系统的功能提出了后续开发方向。 关键词:网络安全;入侵检测;数据包捕获;PIDS Implementation of Personal Intrusion Detection System Abstract The Intrusion Detection System IDS can detect the system or the network resources on the real-time, discover the intruder who intends to enter into a system or a network without warrant in time and prevent users from wrong operation. Based on the basic theory of the intrusion detection and the core technology of intrusion detection, a way of the realization of a simple Personal Intrusion Detection System PIDS, which based on Windows platform, is well researched. The current security status of the network is analyzed firstly, and then the history of intrusion detection technology and the current core theory of the intrusion detection system are introduced. At last, the network architecture on Windows as well as the structure of capturing and filtering data packets by Winpcap, a tool on development is introduced. After that, the system is realized under the Winpcap system environment. The abnormal detection technology is used in the system. After catching data packets with Winpcap in real-time, extracting probabilistic information about events from the intercepted IP packets and sending them to the intrusion detection