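Implementation of a Server-Security-Based Intrusion Detection System on Linux

Cite this article: Sun Jianhua (孙建华). Implementation of a server-security-based intrusion detection system on Linux [J]. Journal of Dalian University of Technology (大连理工大学学报), 2003, 43(Z1): 41-44

Author: Sun Jianhua (孙建华)

Affiliation: Network Center, College of Applied Arts and Sciences, Beijing Union University, Beijing 100083

Abstract: To guard against hacker intrusion, a method for implementing a network intrusion detection system in a Linux environment is proposed. The system consists of a sniffer, an analyzer and a processor, and the program is written in C. The characteristics and datagrams of IP, ICMP, UDP and TCP attacks at the network and transport layers are analyzed in detail. For detection, the implementation combines IP reassembly preprocessing with pattern matching, which improves the system's ability to detect network attacks; the two detection methods effectively complement each other.

Keywords: intrusion detection; TCP/IP protocol; Linux
Article ID: 1000-8608(2003)S1-S041-04
Revised: 2003-06-05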
Realization of intrusion detection system on server safety under Linux

Abstract: To defend against intrusion by hackers, an intrusion detection solution under Linux is proposed. Based on TCP/IP detection, the system comprises three parts: a sniffer system, a protocol analysis system and security control. The system is implemented in C. A detailed analysis is given of IP, ICMP, UDP and TCP attacks at the network and transport layers. In the intrusion detection implementation, "IP reassembly preprocessing" and "pattern matching" are adopted jointly so that they complement each other, which enhances the system's capability.

Keywords: intrusion detection; TCP/IP protocol; Linux; Snort; Perl; on-line attack
This article is indexed in databases including CNKI and Wanfang Data (万方数据).