基于corba的分布式入侵检测系统的研究与实现-计算机应用技术专业论文.docxVIP

第1I页 第1I页 武汉科技大学硕士学位论文 Abstract With network environment of continuously complicated，a variety of network attacks frequently occur,the network security of the growing importance of Internet obviously,as a network security initiative defensive measures Intrusion Detection System，IDS new methods and technologies are constantly proposed and applied．Based on the analysis framework CIDF and the DIDS traditional framework，the thesis build a CORBA—based Lightweight-Agent Distributed Intrusion Detection System Model，the model can not only detect host-based and network intrusion，but also the rapid detection of large-scale distributed intrusion． CL-DIDS utilizes CORBA middleware as the system integrated bus has played CORBA to the operating system，network protocols and programming languages，etc，the transparency of the advantages，and has enabled US to focus on the realization of targets．CL-DIDS system makes use of the system command to achieve an order by the amount of time spent calling sequence， the size of the memory collection，takes advantage of the group capture mechanism library Libpcap which concrete realizes of the visit unrelated to the operating system capture data packets on the network，and Protocol decoding，isolated from the TCP／IP protocol layer in all fields，reducing detection agent development difficult in different platform．CL-DIDS achieve dynamic coefficient based on the queue against the host called Sequence Detection methods and data packets on the network protocol analysis and pattern matching detection method of combining research，while NFR IDS format of the description of the rules have also carried out research to improve the matching the speed and reduce the false positives and omissions and improve the real·-time detection and accuracy．CL--DIDS proposes the new concept sensitive to the agents，exploits dynamic loading technology increase or decrease sensitivi