The Network Intrusion Detection System (NIDS) is a newer security technology that, unlike traditional protective technologies such as firewalls and data encryption, monitors host and network traffic for intrusive and suspicious activity. In China there is an urgent need for NIDS products with independent intellectual property rights. NIDS technology is far from fully developed, and more effort needs to be devoted to this research area. There are two key detection methods in network intrusion detection: rule-based misuse detection and behavior-based anomaly detection. Because of its high rate of correct alerts, rule-based NIDS is the main product in the market. The main difficulty of a rule-based NIDS is how to define the attack signatures and how to organize the rules efficiently. In this thesis, we survey network intrusion detection technology and existing NIDS systems, and discuss protocol analysis in network intrusion detection. Based on the analysis of existing NIDS systems, we present a rule-based NIDS. The main contributions of this system are:
1. A rule-organizing method based on an automaton model. We describe attack signatures using the SNORT rule specification and use an automaton model to organize the rule sets. We introduce a method to construct the automaton for multiple rules, and optimize it through sub-automaton sharing.
2. A method to detect port scan attacks and Denial of Service attacks, based on stateful anomaly detection. We implement these methods in the prototype NIDS, FPDigital.
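The rule-organizing idea above, as an added illustration that is not the thesis's FPDigital code: each rule is reduced to an ordered list of conditions (a simplified, constructed stand-in for SNORT rule options), rules are chained into states, and rules with a common prefix of conditions reuse the same states (sub-automaton sharing), so a shared check such as "tcp to port 80" is evaluated once per packet rather than once per rule.

```python
from dataclasses import dataclass, field

# Constructed rule set (hypothetical names and contents), each rule as ordered conditions.
RULES = {
    "web-cgi probe":   [("proto", "tcp"), ("dport", 80), ("content", b"/cgi-bin/")],
    "web-admin probe": [("proto", "tcp"), ("dport", 80), ("content", b"/admin")],
    "ftp-login":       [("proto", "tcp"), ("dport", 21), ("content", b"USER ")],
}

@dataclass
class State:
    edges: dict = field(default_factory=dict)    # condition -> next State
    accepts: list = field(default_factory=list)  # rules fully satisfied at this state

def build_automaton(rules):
    """Chain each rule's conditions into states; a common prefix of conditions
    maps to the same chain of states, which is the sub-automaton sharing."""
    root = State()
    for name, conds in rules.items():
        node = root
        for cond in conds:
            node = node.edges.setdefault(cond, State())
        node.accepts.append(name)
    return root

def holds(cond, pkt):
    """Evaluate one condition against a decoded packet (a plain dict here)."""
    kind, value = cond
    if kind == "content":
        return value in pkt["payload"]
    return pkt.get(kind) == value

def match(root, pkt):
    """Walk every edge whose condition holds; rules at reached states fire."""
    alerts, frontier = [], [root]
    while frontier:
        node = frontier.pop()
        alerts.extend(node.accepts)
        for cond, nxt in node.edges.items():
            if holds(cond, pkt):
                frontier.append(nxt)
    return sorted(alerts)

def count_states(root):
    """Size of the shared automaton; compare with the unshared sum of conditions."""
    return 1 + sum(count_states(s) for s in root.edges.values())

def unshared_size(rules):
    return 1 + sum(len(c) for c in rules.values())
```

For the three constructed rules the shared automaton has 7 states against 10 without sharing, and a single packet walk yields exactly the rules whose whole condition chain holds.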