摘要
研究Linux下基于Snort的入侵检测系统的搭建和使用方法,分析系统的总体构架和工作流程,实现Linux平台下入侵检测系统中网络数据包捕获、网络协议分析、存储等功能。利用Libpcap函数库实现了Linux下网络数据包的捕获技术;利用MySQL数据库实现存储网络数据功能;利用BASE实现了友好的、操作简单的图形化用户界面。通过测试,在Linux环境下构建的Snort系统能实现实时流量分析、日志存储、协议分析、对内容进行搜索匹配等功能,能够检测不同种类的攻击方式,并对攻击进行实时报警,为构建入侵检测系统提供借鉴。
Studies the construction and use of methods based on the Snort intrusion detection system, analyzes the overall system architecture and workflow, realizes the network packet capture, intrusion detection systems, network protocol analysis, storage and other functions based on Linux platform. Realizes the Linux network packet capture technology with Libpcap library, and storage network data function with MySQL database, the GUI with the BASE. The test shows that the Snort can achieves the function of real-time traffic analysis, log storage, protocol analysis, searching for matching content, and can detect different kinds of attack and realize real-time warning, and this provides a reference for building the intrusion detection system.
基金
新疆维吾尔自治区高校科研计划(No.XJEDU2010S48)
