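Abstract
Intrusion detection is a new computer network security technology that has emerged in recent years. Because it defends actively and proactively, it is relatively complex to implement and is still at the research stage; its cost is also high, which deters many users of small and medium-sized Web servers. This paper develops a "compromise detection system" (受侵检测系统) based on passive defense. It monitors Web resource files and similar objects in real time, and at the same time uses packet sniffing to capture IP packets, decode them and extract the TCP packets they carry. It then analyzes the data fields in the TCP packets according to the HTTP protocol, so that the network behavior of Web visitors can be tracked in a linked fashion and Web intruders can be detected. Finally, a feasible design and implementation for a Web server running on Windows is given.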
Intrusion detection technology is an emerging network security technology. But it is still inaccessible for many small and medium web server users due to its high costs and complicated implementation. In this paper, an "intrusion detection system" based on passive defense was developed to realize linkage tracking of the network behaviors of visitors and detection of web intruders through real-time monitoring of changes to web page resource files, while using the packet sniffing technique to capture IP packets, decode them and extract the TCP packets, and analyzing the data in the TCP packets according to HTTP. A feasible design and implementation for a Windows Web server are also presented.
Source
Electronic Product Reliability and Environmental Testing (《电子产品可靠性与环境试验》)
2009, Issue 5, pp. 37-42 (6 pages in total)
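Funding
Supported by a scientific research project funded by the Education Department of Hunan Province
Supported by the Hunan University of Science and Technology (湖南科大) Scientific Research Fund (Natural Science) project (E50811)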
Keywords
intrusion detection technology
network security
Web servers
intrusion detection system
Windows