Research On Intrusion Detection System In Bridge Model Based On Linux

Posted on: 2008-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: J L Yang
GTID: 2178360245491805
Subject: Computer application technology

Abstract/Summary:
With the rapid development of computers and networks, network security has become a practical and unavoidable problem. Network users have traditionally adopted the firewall as the first line of defense. As more attack tools and more complicated attack methods keep appearing, it is impossible to protect a network by depending on a firewall alone; more comprehensive and varied means are necessary. Intrusion detection has been a very active field of research since the 1990s. An intrusion detection system is a component that detects illegal attacks aimed at computer systems and computer networks, in order to keep them from being destroyed.

At present, network intrusion detection systems cannot keep up with the development of network technology, owing to the huge amount of data on the network. Traditional approaches to intrusion detection face a serious challenge.

In this paper, we first introduce the model of intrusion detection systems, their working principles, and their existing problems. We then study in depth the implementation of networking in the Linux 2.6 kernel, analyze the network bottleneck of the Linux 2.4 kernel, and introduce some improvements of the 2.6 kernel. Based on this study, we designed a bridge model IDS on Linux. Unlike the bypass model monitor in a traditional IDS, our system uses a bridge model monitor and detects packets at the data-link layer. By using the multithread programming technology of Linux, detection and protection are carried out on different CPUs separately, in order to achieve efficient and fast data packet detection. The experiments, conducted in a real network environment, show that our Linux-based bridge model IDS can meet the requirements we anticipated. It can detect intrusions efficiently and without "false negatives", while at the same time guaranteeing average network usage.
Keywords/Search Tags:Intrusion Detection System, Linux, Network Security, Bridge Model