
Research and Implementation of Key Technologies of Distributed Intrusion Detection Systems

Published: 2019-01-27 13:03
[Abstract]: As the Internet has risen to the level of national strategy, network and computer technology has developed rapidly. The Internet now reaches every aspect of life and work, and information security faces unprecedented threats. Because Internet-based applications and data are mostly deployed in a distributed manner across different networks and regions, the intrusion attacks they face are more distributed and more complex. Against this background, higher requirements are placed on intrusion detection and distributed intrusion detection. This thesis analyzes the key technologies in intrusion detection and distributed intrusion detection systems and improves the aspects that cannot meet current intrusion detection requirements. Finally, based on this analysis and these improvements, it designs and implements a distributed intrusion detection system.

The analysis work mainly includes: (1) An analysis of distributed intrusion detection systems and their various system architectures, which provides a reference for the structural design of the distributed intrusion detection system presented later. (2) An analysis of two key elements of distributed intrusion detection: the BEEP-based communication protocol and the information exchange format IDMEF. The analysis of BEEP provides technical support for designing and implementing the BEEP communication component of the system. The analysis of IDMEF identifies its shortcomings and is the basis for the improvement and innovation work in this thesis. (3) An in-depth analysis of the multi-pattern matching algorithms commonly used in misuse intrusion detection, with experiments comparing the performance of the algorithms, which provides a theoretical and experimental basis for improving intrusion detection performance in the future.

In terms of improvement and innovation: (1) Based on the analysis of IDMEF, this thesis points out its shortcomings, improves on them, and designs a new version of the IDMEF format, IDMEFNew. In view of the new requirements and development trends of data exchange in current Internet applications, it proposes and designs a scheme that replaces XML with JSON. (2) To cope with the transmission of large amounts of data, and to allow future data exchange with the big data platform Hadoop so that the system can use big data technology for intrusion detection analysis, this thesis designs and implements an Avro-based IDMEFNew encoding component.

Based on the preceding analysis and experimental work, this thesis designs and implements a distributed intrusion detection system. The intrusion detection part of the system is implemented with Snort, an open-source misuse intrusion detection tool. In terms of system structure, it draws on the Agent-based distributed approach, makes the intrusion detection component independent, and adds an independently running node manager. The communication exchange protocol of the system is implemented with BEEP, and the data exchange format uses the Avro IDMEFNew encoding component that this thesis designed and implemented as its improvement on IDMEF.
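[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08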

