With the popularization of the Internet and the development of network technology, network security problems have become more and more prominent. Among the many network security technologies, intrusion detection is the most important and attractive one for many computer operators. Intrusion detection is a security technology for finding hidden dangers in a network. As a reasonable complement to the firewall, it helps deal with attacks from the network, extends administrators' ability to protect the system, and makes the structure of the security system more complete.

First, the thesis analyzes the hierarchy of the TCP/IP protocols and summarizes their formats, analyzing the factors that make networks unsafe and the attack methods used by crackers. Second, it introduces the key technologies of intrusion detection. For the protocol analysis detection model, it mainly studies the fragment reassembly of IP packets. For the pattern matching detection model, it analyzes several pattern matching algorithms, such as KMP, BM, BMH, and multiple-pattern matching algorithms. It also analyzes the advantages of these technologies in IDS applications and the security of the intrusion detection system. Last, it introduces the design of an IDS based on CIDF and protocol analysis, and provides corresponding methods for dealing with the attacks.

A composite detection system is designed that performs not only misuse detection but also anomaly detection. The system captures network packets with Libpcap, analyzes the characteristics of intrusion behavior, and defines the library of intrusion rules. On the basis of protocol analysis, the system uses techniques such as IP fragment reassembly and TCP data stream reconstruction. This reduces missed detections and false alarms.

On the management side, the system introduces a management center that directly controls every module. The innovation of the design is the introduction of the model analysis engine and of the management center that distributes and manages the secret key. The model analysis engine detects new intrusions and increases self-adaptability. The management center that distributes and manages the secret key is used to encrypt all communications, applying cryptographic techniques to ensure safe transfer of the data and increasing the security of the IDS itself.