Network Intrusion Detection System Based on Protocol Analysis

doi:10.3969/j.issn.1006-2475.2014.02.045

Abstract

Abstract: Traditional network intrusion detection system has been unable to meet people’s demands of network security today. This paper presents a new design with internal rules and external rules based on protocol analysis. In external rules, a new threats description language is designed, which is similar to traditional programming languages, understandable and powerful. The internal rules enrich the logic in detection so that complex threats or even which with status can be detected. Compared with the system available, this new design is more accurate and more powerful.

Key words: network security, intrusion detection, protocol analysis

CLC Number:

TP393.08

YANG Yang, ZHAO Hong-song, YUE Yu-jian, DU Yuan.

Network Intrusion Detection System Based on Protocol Analysis

[J]. Computer and Modernization, 2014, 0(2): 201-204.

References

[1] Anderson J P. Computer Security Threat Monitoring and Surveillance[DB/OL]. http://csrc.nist.gov/publications/history/ande80.pdf, 1980-02-26.

[2] Lee W, Stolfo S J, Mok K W. A data mining framework for building intrusion detection models[C]// Proceedings of the 1999 IEEE Symposium on Security and Privacy. 1999:120-132.

[3] Proctor P E. Practical Intrusion Detection Handbook[M]. Prentice Hall, 2001.

[4] 张博,李伟华,史兴键,等. IPv6环境下的入侵检测系统模型设计[J]. 西北工业大学学报, 2005,23(1):79-83.

[5] Julia Allen, Alan Christie, William Fithen, et al. State of the Practice of Intrusion Detection Technologies[R]. Carnegie Mellon University, 2000.

[6] Kumar S. Classification and Detection of Computer Intrusions[D]. Purdue University, 1995.

[7] 蒋建春,马恒太,任党恩,等. 网络安全入侵检测:研究综述[J]. 软件学报, 2000,11(11):1460-1466.

[8] 宋志鹏. 基于协议分析的网络入侵检测系统的研究与设计[D]. 济南:山东师范大学, 2007.

[9] 景蕊,刘利军,怀进鹏. 基于协议分析的网络入侵检测技术[J]. 计算机工程与应用, 2003,39(36):128-133.

[10] Brian Caswell. Snort[EB/OL]. http://www.snort.org, 2013-09-19.

[11] Yao Guoxiang, Guan Quanlong, Lin Liangchao, et al. Research and implementation of next generation network intrusion detection system based on protocol analysis[C]// Proceedings of the 2008 International Colloquium on Computing, Communication, Control, and Management. 2008,2:353-357.

[12] Tamir Gal, Chris Morgan. SharpPcap: A Packet Capture Framework for .NET[EB/OL]. http://www.codeproject.com/Articles/12458/SharpPcap-A-Packet-Capture-Framework-for-NET, 2011-09-14.

[13] Shen Zihao, Wang Hui. Research on IPv6 intrusion detection system based on state protocol analysis[C]// Proceedings of the 2nd International Conference on Communication Systems, Networks and Applications. 2010,1:90-93.

[14] Shan Zheng, Chen Peng, Xu Ying, et al. A network state based intrusion detection model[C]// Proceedings of the 2011 International Conference on Computer Networks and Mobile Computing. 2001:481-486.

[15] Abbes T, Bouhoula A, Rusinowitch M. Protocol analysis in intrusion detection using decision tree[C]// Proceedings of the 2004 International Conference on Information Technology: Coding and Computing. 2004,1:404-408.

[16] 谢希仁. 计算机网络(第5版)[M]. 北京:电子工业出版社, 2008.