Research and Implementation of Key Technologies of Distributed Intrusion Detection Systems
[Abstract]: As the Internet has risen to the level of national strategy, network and computing technology has developed rapidly and the Internet now touches every aspect of life and work, so information security faces unprecedented threats. Because most Internet applications and their data are deployed in a distributed fashion across different networks and regions, the intrusion attacks they face are themselves more distributed and more complex. This environment places higher demands on intrusion detection and, in particular, on distributed intrusion detection. This thesis analyzes the key technologies of intrusion detection and of distributed intrusion detection systems, improves the aspects that no longer meet current requirements, and finally designs and implements a distributed intrusion detection system on the basis of that analysis and those improvements. The main contents are as follows. (1) Distributed intrusion detection systems and their architectures are analyzed, providing a reference for the structural design of such a system. (2) Two key elements of distributed intrusion detection are analyzed: the communication protocol, based on BEEP (RFC 3080), and the information exchange format, IDMEF (RFC 4765). The analysis of BEEP supports the design and implementation of the BEEP communication component of the system, while the analysis of IDMEF identifies its shortcomings, which form the basis for the improvements and innovations of this thesis. (3) The multi-pattern matching algorithms commonly used in misuse-based intrusion detection are analyzed in depth and their performance is compared experimentally, providing a theoretical and experimental basis for later improvements to detection performance.
Improvements and innovations: (1) Based on the analysis of IDMEF, its shortcomings are identified and addressed in a revised format, IDMEFNew. In view of the current requirements and trends of data exchange in Internet applications, a scheme is proposed and designed to replace IDMEF's XML encoding with JSON. (2) To handle the transmission of large volumes of alert data and to allow future integration with a Hadoop big-data platform, so that the system can apply big-data techniques to intrusion detection analysis, an IDMEFNew encoding component based on Avro is designed and implemented. Building on the preceding analysis and experiments, a distributed intrusion detection system is designed and implemented. Its intrusion detection component is implemented with Snort, the open-source misuse-based intrusion detection system. Architecturally, the detection component is made independent and a separate node manager is added, following the agent-based distributed design. The system's communication protocol is implemented with BEEP, and its data exchange format uses the Avro-based IDMEFNew encoding component improved and implemented in this thesis.
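The two mechanisms the abstract combines, multi-pattern matching of Snort-style content strings in the sensor and an IDMEF-shaped alert handed to the manager as JSON, are shown together in the following added example. It is not code from the thesis or from Snort. The rule names, content strings, sample packets and the JSON layout are constructed here for illustration; the field names follow the IDMEF Alert classes of RFC 4765 (Analyzer, CreateTime, Source, Target, Classification, AdditionalData), but the exact shape is an assumption and not the thesis's IDMEFNew schema, and Snort rule options such as nocase, offset and depth are ignored.

```python
"""Aho-Corasick multi-pattern matching feeding IDMEF-style JSON alerts.

Added example, not code from the thesis. Rules, packets and the alert
layout are constructed; IDMEF class names follow RFC 4765, the JSON shape
is an assumption (not the thesis's IDMEFNew schema).
"""
import json
from collections import deque
from datetime import datetime, timezone


class AhoCorasick:
    """Automaton over byte patterns: build once, scan each payload in O(len + hits)."""

    def __init__(self, patterns):
        self.goto = [{}]   # goto[state][byte] -> next state
        self.fail = [0]    # failure link per state
        self.out = [[]]    # (rule_name, pattern) pairs that end at each state
        for name, pat in patterns:
            self._add(name, pat)
        self._link()

    def _add(self, name, pat):
        s = 0
        for b in pat:
            if b not in self.goto[s]:
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[s][b] = len(self.goto) - 1
            s = self.goto[s][b]
        self.out[s].append((name, pat))

    def _link(self):
        # BFS: depth-1 states fail to the root; deeper states follow the
        # parent's failure chain until a state with a transition on b exists.
        q = deque(self.goto[0].values())
        while q:
            r = q.popleft()
            for b, s in self.goto[r].items():
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                # A pattern that is a suffix of another ("passwd" inside
                # "/etc/passwd") must still be reported at the same position.
                self.out[s] = self.out[s] + self.out[self.fail[s]]
                q.append(s)

    def scan(self, data):
        """Yield (rule_name, pattern, start_offset) for every occurrence in data."""
        s = 0
        for i, b in enumerate(data):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            for name, pat in self.out[s]:
                yield name, pat, i - len(pat) + 1


def build_alert(sensor_id, src, dst, rule, pattern, offset, now=None):
    """IDMEF-shaped alert as a plain dict ready for json.dumps (constructed layout)."""
    now = now or datetime.now(timezone.utc)
    return {"Alert": {
        "Analyzer": {"analyzerid": sensor_id, "model": "aho-corasick-demo"},
        "CreateTime": now.isoformat(),
        "Source": {"Node": {"Address": {"address": src[0]}}, "Service": {"port": src[1]}},
        "Target": {"Node": {"Address": {"address": dst[0]}}, "Service": {"port": dst[1]}},
        "Classification": {"text": rule},
        "AdditionalData": [
            {"meaning": "matched_pattern", "type": "byte-string", "data": pattern.hex()},
            {"meaning": "payload_offset", "type": "integer", "data": offset},
        ],
    }}


def detect(engine, sensor_id, packets, now=None):
    """One alert per (packet, rule): a NOP sled would otherwise fire once per byte."""
    alerts = []
    for src, dst, payload in packets:
        seen = set()
        for rule, pat, off in engine.scan(payload):
            if rule in seen:
                continue
            seen.add(rule)
            alerts.append(build_alert(sensor_id, src, dst, rule, pat, off, now))
    return alerts


def to_json(alerts):
    return json.dumps(alerts, indent=2)


# Constructed Snort-style content strings (hypothetical rule names, not real SIDs).
RULES = [
    ("WEB-ATTACK /etc/passwd access", b"/etc/passwd"),
    ("WEB-MISC passwd string", b"passwd"),
    ("SQLI UNION SELECT", b"UNION SELECT"),
    ("SHELLCODE x86 NOP sled", b"\x90\x90\x90\x90"),
]

# Constructed packets: (src, dst, payload); the last one is benign.
PACKETS = [
    (("10.0.0.5", 41234), ("10.0.0.80", 80), b"GET /cgi-bin/x?f=../../etc/passwd HTTP/1.1\r\n"),
    (("10.0.0.5", 41235), ("10.0.0.80", 80), b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1\r\n"),
    (("10.0.0.9", 5555), ("10.0.0.22", 445), b"\x00" * 8 + b"\x90" * 16 + b"\xcc"),
    (("10.0.0.5", 41236), ("10.0.0.80", 80), b"GET /index.html HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    print(to_json(detect(AhoCorasick(RULES), "sensor-1", PACKETS)))
```

The automaton is built once from all rule contents and each payload is scanned in a single pass, which is the property that makes multi-pattern matching preferable to running one KMP or Boyer-Moore search per rule; the per-packet deduplication in detect is the kind of policy a sensor needs so that repetitive patterns do not flood the BEEP channel to the manager.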
【Degree-granting institution】: University of Electronic Science and Technology of China
【Degree level】: Master's
【Year of degree award】: 2017
【Classification number】: TP393.08