Abstract
With the development of computer and network technology, network intrusions are increasing, and more and more networks, including campus networks, are being intruded by hackers. It has become clear that building a security system from a purely defensive standpoint is not enough. Intrusion detection has become a new generation of network security technology, following traditional protection measures such as firewalls and data encryption. This paper first introduces the principles of intrusion detection and related work on distributed intrusion detection. Based on an analysis of existing distributed intrusion detection system models, it proposes a model framework for an agent-based campus network intrusion detection system. The model adopts a distributed architecture composed of an agent control center (agent console) and several agents, and combines network-based and host-based intrusion detection methods. Using agent technology to detect intrusions in a distributed environment, it can detect a variety of intrusions effectively and is extensible: new intrusion detection agents or new intrusion models can be added.
Source
Computer Knowledge and Technology (《电脑知识与技术》)
2006, Issue 11, pp. 85-87 (3 pages in total)
Funding
2006Y030
Keywords
network security, intrusion detection, agent, distributed