Undergraduate Thesis

The Implementation of SNORT-Based Intrusion Prevention System

Name:
Student ID:
School: School of Software
Department: Software Engineering
Major: Software Engineering
Year:
Supervisor:
Date:

Abstract

In today's highly networked world, obtaining information from the network has become an inseparable part of people's daily lives. The network has become a ubiquitous tool in economic, cultural, military and social activities. Along with the development it brings, network security problems have also come to the fore. In such an environment, network security technology has to keep pace with the times in order to strengthen the protection of network security. Traditional intrusion detection systems, firewalls and similar tools all play a large role in safeguarding information security, but each serves a single purpose and cannot cope with a complex and changing network environment. An intrusion detection system can discover intrusions and record events; its focus is on detecting intrusive behaviour, and it lacks the ability to respond to and block an intrusion. A firewall inspects the network traffic passing through it and intercepts packets that do not comply with the security policy. But firewall access rules are static and cannot respond dynamically to changes in intrusive behaviour. This thesis combines intrusion detection with a firewall to implement a simple intrusion prevention system (IPS). The thesis mainly studies the following three problems. First, the working principle of the intrusion detection system Snort and the content of its alert information are studied, and invoking Snort's detection is implemented in code. Second, an API-based packet-filter firewall is implemented that can restrict a client with a specified IP address and port number from sending TCP, UDP or ICMP packets to the local host. Third, Snort alert information is obtained in real time, the key fields of the alert are interpreted, and the firewall is configured dynamically, so that the connection producing the threat is blocked as soon as malicious behaviour is discovered, achieving the effect of intrusion prevention.

Keywords: intrusion prevention system; intrusion detection technology; Snort; firewall; filter

Abstract (author's English version)

With the rapid development of the Internet nowadays, obtaining information from the network has become an inseparable part of our daily life. The Internet has been widely used as a ubiquitous tool in our economic, cultural, military and social activities. In addition to the benefits of development, the security problem of the network is being highlighted. In such an environment, network security technology is required to keep pace with the times so as to improve the level of network security. Although traditional IDS (Intrusion Detection System), firewalls and so on are playing a significant role in information security, they are unable to cope with the complex and changeable network environment. For instance, an IDS has the ability to detect and record events. It focuses on detecting intrusion behavior, but cannot fulfill the function of blocking and responding to an intrusion; a firewall has the capability of inspecting network traffic and intercepting the packets which do not conform to the security policy. But the access rules of a firewall are static; they cannot respond to changeable invasion behavior in a dynamic way. In this thesis, the author combines an IDS and a firewall to implement a simple IPS (Intrusion Prevention System). The whole work mainly focuses on the following three aspects. Firstly, the thesis researches the working principle and the alert information of Snort so as to prepare for calling the detection function of Snort. Secondly, the thesis aims to implement a firewall based on an API packet filter. It is expected to restrict a client with a certain IP address and port number from sending packets to the host by the TCP, UDP or ICMP protocol. Thirdly, the thesis analyzes how to gain real-time Snort alerts, read their key fields, and configure the firewall dynamically so as to block the potentially threatening connection at the beginning of malicious behavior and realize intrusion defense.

Key words: Intrusion Prevention System; Intrusion Detection Technology; Snort; Firewall; filter

Contents

Chapter 1 Introduction
  1.1 Background and significance of the topic
  1.2 Development history of intrusion prevention software
  1.3 Current state of development at home and abroad
  1.4 Main work and structure of this thesis
Chapter 2 Background knowledge
  2.1 The concept of intrusion detection
    2.1.1 Basic terms
    2.1.2 Basic structure of an IDS
    2.1.3 Classification of intrusion detection
    2.1.4 Key performance parameters of intrusion detection
    2.1.5 Intrusion deception, honeypot and intrusion response technology
  2.2 Core idea and model of intrusion prevention
  2.3 Introduction to Snort
    2.3.1 How Snort works
    2.3.2 Snort system components
  2.4 Categories and characteristics of firewalls
    2.4.1 Packet-filtering firewalls
    2.4.2 Application-proxy firewalls
    2.4.3 Hybrid firewalls
    2.4.4 Firewall operating systems
    2.4.5 Attack resistance and limitations of firewalls
    2.4.6 Firewall terminology
  2.5 Chapter summary
Chapter 3 Deployment and analysis of Snort
  3.1 Configuring Snort
    3.1.1 Installing Snort
    3.1.2 Modifying the Snort configuration file
    3.1.2 Connecting Snort to the database
  3.2 Using Snort
    3.2.1 Running Snort
    3.2.2 The BASE analysis engine
  3.3 Analysis of Snort alert information
    3.3.1 Recovering alert information from the database
    3.3.2 Meaning of the alert fields
    3.3.3 Alert-handling scheme
  3.4 Chapter summary
Chapter 4 Implementation of the packet-filtering firewall
  4.1 Overview
  4.2 Structure of MyFirewall
  4.3 Workflow of MyFirewall
  4.4 Analysis of the core code
  4.5 Chapter summary
Chapter 5 Design and implementation of MyIPS
  5.1 MyIPS system design
    5.1.1 UI design
    5.1.2 System architecture design
    5.1.3 Database design
  5.2 Detailed design of MyIPS
    5.2.1 Intrusion detection module
    5.2.2 Alert monitoring module
    5.2.3 Intrusion response module and packet filter module
    5.2.4 Interface polishing
  5.3 Experimental results and discussion of related issues
  5.4 Chapter summary
Chapter 6 Conclusion
References
Acknowledgements
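The alert-to-firewall loop that the abstract describes (read a Snort alert, pull out the offending client's protocol, IP and port, and turn it into a packet-filter block rule), as an added example that is not the thesis's MyIPS code. It assumes Snort's alert_fast text format rather than the database the thesis reads from, uses constructed sample alerts, and treats Snort priority 1 as the most severe, as Snort does.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample alerts in Snort's alert_fast text layout (assumption: the
# thesis's MyIPS reads the same fields from a database instead).
SAMPLE_ALERTS = """\
01/02-12:34:56.789012  [**] [1:1000001:1] LOCAL suspicious HTTP request [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.5:44322 -> 10.0.0.2:80
01/02-12:35:01.000100  [**] [1:1000002:1] LOCAL ICMP flood [**] [Priority: 3] {ICMP} 192.168.1.9 -> 10.0.0.2
01/02-12:35:02.000100  [**] [1:1000003:1] LOCAL low priority probe [**] [Priority: 4] {UDP} 192.168.1.7:5353 -> 10.0.0.2:53
"""

# Key fields the IPS needs: rule id, message, priority, protocol, source and
# destination. Ports are optional because ICMP alerts carry none.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\].*?"
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

@dataclass(frozen=True)
class BlockRule:
    """One dynamic packet-filter rule: the offending client's protocol, IP and port."""
    proto: str
    src_ip: str
    src_port: Optional[int]  # None means any port (ICMP has no ports)

def parse_alert(line):
    """Return the alert's key fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    return m.groupdict() if m else None

def rules_from_alerts(text, max_priority=3):
    """Turn alerts into block rules; only alerts with priority <= max_priority count."""
    rules = []
    for line in text.splitlines():
        a = parse_alert(line)
        if a is None or int(a["prio"]) > max_priority:
            continue  # unparsable line or below the blocking threshold
        sport = int(a["sport"]) if a["sport"] else None
        rules.append(BlockRule(a["proto"].upper(), a["src"], sport))
    return rules

def should_drop(rules, proto, src_ip, src_port=None):
    """Packet-filter decision for an inbound packet described by its sender tuple."""
    return any(
        r.proto == proto and r.src_ip == src_ip
        and (r.src_port is None or r.src_port == src_port)
        for r in rules
    )
```

The priority threshold is the knob that keeps low-severity alerts from turning into self-inflicted denial of service, which is the main risk of automatic blocking.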