Building a Snort-Based Intrusion Detection System

Updated: 2023-09-22 16:04:01


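Zhengzhou Institute of Light Industry, Light Industry Vocational College (郑州轻院轻工职业学院)

Associate Degree Graduation Project (Thesis)

Title: Building a Snort-Based Intrusion Detection System
Student name:
Major and class:
Student ID:
Department:
Supervisor (title):
Completion date: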

Design and Implementation of an ISA Server-Based Firewall

Building a Snort-Based Intrusion Detection System

Abstract

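As computer networks continue to develop, the globalization of information has become a major trend in human development. However, because computer networks are characterized by diverse connection types, unevenly distributed terminals, and openness and interconnectivity, they are easily attacked by hackers, crackers, malware and other threats, so the security and confidentiality of online information is a very important issue. For computer network systems that carry sensitive data, such as military automated command networks and banking networks, the security and confidentiality of online information is especially important. Such networks must therefore have sufficiently strong security measures; otherwise the network is useless and may even endanger national network security. Whether in a local area network or a wide area network, there are vulnerabilities and potential threats arising from natural, human and many other factors. Network security is therefore becoming more and more important.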

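The Snort intrusion detection system is a typical open-source network intrusion detection system, and most commercial intrusion detection systems today are developed on the basis of its design principles and implementation characteristics. Research on the Snort intrusion detection system therefore has considerable academic significance and high commercial value. This thesis studies Snort's detection technology and goes on to develop a Snort-based intrusion detection system for the Windows platform.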

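The thesis first presents background on intrusion detection systems, including the definition of intrusion detection technology, common intrusion techniques and intrusion detection methods, and then introduces, analyzes and installs the Snort network intrusion detection system. Next, to address the unfriendly interface of the original Snort, an intrusion detection system with a graphical interface is designed and developed on top of it on the Windows platform using an improved algorithm, and a corresponding intrusion detection output plug-in is developed for the VC list control. This makes up for the original Snort's shortcomings of tedious configuration and complicated operation caused by its console-based interface, improves its ability to interact with other programs on Windows, and has important practical value in speeding up the adoption of Snort on the Windows platform. Finally, an experimental demonstration shows that the improved intrusion detection system meets the needs of applications on the Windows platform well.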

Keywords: Snort / VPN / intrusion detection


Building a Snort-Based Intrusion Detection System

ABSTRACT

With the continuous development of computer networks, the globalization of information has become the trend of human development. However, because computer networks have diverse forms of connection, unevenly distributed terminals, and open, interconnected structures, they are vulnerable to hackers, crackers, malware and other attacks, so the security and confidentiality of online information is a very important issue. For computer network systems that transmit sensitive data, such as military automated command networks and bank networks, online information security and confidentiality are particularly important. Such networks must therefore have sufficiently strong security measures; otherwise the network would be useless and could even endanger the country's network security. In both LANs and WANs there are vulnerabilities and potential threats from natural, man-made and other factors. Network security is therefore becoming increasingly important.

The Snort intrusion detection system is a typical open-source network intrusion detection system, and most commercial intrusion detection systems are researched and developed on the basis of its design principles and implementation features. Research on the Snort intrusion detection system therefore has strong academic significance and high commercial value. This thesis centers on research into Snort detection technology and further develops a Snort-based intrusion detection system for the Windows platform.

The thesis first introduces background knowledge on intrusion detection systems, including the definition of intrusion detection technology, common intrusion techniques and intrusion detection methods, and covers the introduction, analysis and installation of the Snort network intrusion detection system. Then, to address the unfriendly interface of the original Snort, an intrusion detection system with a graphical interface is designed and developed on top of it on the Windows platform using an improved algorithm, and a corresponding intrusion detection output plug-in is developed for the VC list control. This makes up for the shortcomings of the original Snort system, whose console-based interface makes configuration tedious and operation complicated, improves its ability to interact with other programs on Windows systems, and has important practical value in accelerating the popularity of Snort on the Windows platform. Finally, an experimental demonstration shows that the improved intrusion detection system can meet application needs on the Windows platform well.

KEYWORDS: Snort, VPN, Intrusion Detection


Contents

1 Overview of Intrusion Detection Technologies
    1.1 Definition of intrusion detection technology
    1.2 Role of an intrusion detection system
    1.3 Information sources for intrusion detection systems
    1.4 Overview of common intrusion techniques
    1.5 Introduction to intrusion detection methods
    1.6 Several detection methods commonly used by intrusion detection systems
2 Introduction to Snort
    2.1 How the Snort system works
    2.2 Features of the Snort system
    2.3 Current state of the Snort system
3 Installing Snort
    3.1 Installing the Apache server
    3.2 Installing PHP
    3.3 Installing the winpcap network driver
    3.4 Installing the Snort intrusion detection system
    3.5 Installing the Mysql database
    3.6 Installing the adodb component
    3.7 Installing the jgraph component
    3.8 Installing the acid (web page files) component
    3.9 Adding Snort rules
    3.10 Final testing
Conclusion
Acknowledgements
References


