The rapid development of information and network technology has brought enormous convenience to daily life and work, and the operation of enterprises relies more and more on it. As the network becomes more important, people and enterprises have to face the question of security. With the growing number of attack tools and attack methods, intrusion incidents are increasing. The traditional security strategy of passively setting up defenses with firewall technology alone can no longer satisfy the demands of modern network security, whereas an intrusion detection system, with its active defense, effectively remedies the deficiencies of the firewall. Based on research into a large number of intrusion detection techniques and on the general model put forward by the international standards organization, a general-purpose model for interoperation among intrusion detection systems was proposed, after analyzing and comparing the differences between intrusion detection techniques and studying the operating principle of Snort. A distributed, Snort-based, centrally manageable hybrid intrusion detection system was then designed and implemented. The system comprises the following modules: an attack detection module, an attack detection and management module, a data packet statistics and analysis module, a routine control module, a log management module, a PCI management and service module that keeps contact with the detection card, and other expansion modules. The loose coupling between the modules not only improved development efficiency but also offers a convenient way to extend the system's functions and carry out secondary development.
At the core of the system, the detection engine, the mature open-source Snort technology was adopted. According to the concrete situation of this system, its functions were extended, and a communication component that exchanges messages with the other modules was added. Modular design and the reuse of mature open-source software give this intrusion detection solution characteristics such as fast development, high efficiency, good extensibility, and flexibility. Following the international standard enables the system to interoperate with other systems. The system was applied to the enterprise network of a large-scale electric company in Japan, where it met the anticipated design requirements.