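Design and Implementation of an Adaptive Network Intrusion Prevention System
Published: 2018-03-26 13:13
Topic: firewall. Focus: intrusion detection. Source: University of Electronic Science and Technology of China, master's thesis, 2014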
[Abstract]: With the widespread adoption of computers, and especially since the emergence of the Internet, people's work and lives have been greatly affected. Exchanging information over the Internet has become the mainstream trend in today's society, and the level of informatization has become an important measure of a country's overall strength. At the same time, the development of computer networks and the improvement of communication technology have drawn ever more attention to the key problem of network security. A firewall can block intrusions from outside the network, but it is powerless against destructive behavior inside the network. An intrusion detection system can detect both intrusions from outside the network and attacks and destructive behavior inside it. However, an intrusion detection system is connected to the network in parallel and can only detect: by the time an intrusion or attack is detected, the damage has often already been done, and the destructive behavior cannot be stopped in time. It is therefore very meaningful to design and implement a network security system that both detects and defends. For these reasons, this work designs and implements an adaptive network intrusion prevention system that combines the functions of a firewall and an intrusion detection system. As is well known, an intrusion prevention system is connected to the network in series (inline), so if its data-processing capacity is weak it greatly degrades network performance. We therefore propose an adaptive capability: the system learns autonomously in order to speed up data processing, in two respects. First, it automatically learns rule-category information, and when a packet arrives it automatically selects the rule category that corresponds to that data, which greatly increases the system's data-processing capacity. Second, it uses a delayed-cancellation mechanism: if a sender's behavior is judged to be an intrusion or an attack, all of that sender's activity is first isolated and given an expiration time, and when the time is reached the isolation is lifted. This method keeps the network stable when it is congested. Finally, after implementing the system, we performed functional verification on it. The results show that, compared with an ordinary intrusion prevention system, the system designed here is clearly improved both in functionality and in data-processing capacity.
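[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08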
Article number: 1667996
Article link: http://sikaile.net/guanlilunwen/ydhl/1667996.html