摘要入侵检测是网络安全体系的重要部分,随着计算机网络的快速发展,防火墙渐渐不能满足人们对网络安全的要求。入侵检测作为对防火墙的补充,与杀毒软件、防火墙共同构建了基础防御系统。86060
入侵检测系统的主要工作是智能发现入侵行为,它是一种主动的安全防范技术。Snort是一款开源轻量级网络入侵检测系统,可以运行在多种硬件平台和操作系统上,其具有实时流量分析与记录功能,能够通过协议分析将数据包与自身规则进行匹配从而发现入侵行为。此外该工具还具有良好的扩展性,当发现了新的攻击手段时,规则升级方式较为简单。
本文以分析基本的入侵检测为起点,剖析了入侵检测的基本概念、基础构成、分类方式和检测技术,之后详细分析了snort的组成及应用,包括基本原理、工作流程,完成了基于windows系统的snort入侵检测平台搭建,测试了所搭建系统的有效性,并着重对规则的组成进行研究,最后开展了自定义规则的编写和测试。
毕业论文关键词:snort;入侵检测;规则
AbstractIntrusion detection is an important part of network security system, with the rapid development of network, the firewall cannot meet the requirement for network security anymore, as a complementory tool to firewall,intrusion detection build a fundamental defencesystem with the firewall and antivirus。
The main work of intrusion detection system is indentifying intrusion behavior intelligently, it is a active defensive technique。Snort is an open source and lightweight network intrusion detection system able to run in a variety of hardware platforms and operating systems, it has the function of real-time tracking analysis and recording。Detecting intrusion behavior by analysis protocol of data packets and matching the result with snort’s rules。Moreover , good expansibility is another good side of snort。when meets unfamiliar attack, the way to upgrade the rule is easy。
Analyzing the basic intrusion detection system as a starting point of the artical, about the basic concept, basic structure, classification of intrusion detection methods and detection technology, then analyzed the composition and application of the snort, including basic principle, working process, and build the snort in windows、test the validity,。Finally,compile your rule and test it。
Keywords:snort;intrusion detection system;rules
目录
第一章 绪论 1
1。1 研究的目的与意义 1
1。3 当前存在的问题 3
第二章 入侵检测系统基础知识 4
2。1 入侵检测系统的组成 4
2。2 入侵检测系统的分类 5
2。2。1 按IDS采用的分析技术分类 5
2。2。2 按数据源分类 6
2。3 检测的主要技术 9
2。3。1 误用检测技术 9
2。3。1 异常检测技术 10
第三章 Snort入侵检测系统分析 12
3。1 协议解析 12
3。1。1 IP协议(网际协议) 13
3。1。2 UDP和TCP 13
3。1。3 ICMP协议 14
3。1。4 协议解析过程