Abstract
Computer intrusion detection has become an increasingly important technique in the security field. An intrusion detection system (IDS) collects and analyses key information from a computer network, flags events or attacks that violate the security policy, and notifies the system so that it can respond. Starting from the basic framework of an IDS, this paper discusses network-based packet capture and packet analysis techniques, describes the overall design of the IDS in detail, implements packet monitoring on Linux using the capture and analysis functions provided by the libpcap library, analyses at the code level how packets are captured and processed, and verifies through experiments that the proposed network packet monitoring method is feasible.
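The abstract says the monitor hands each captured packet to an analysis routine. The following is an added example, not code from the paper, of what that routine typically does: it decodes the raw Ethernet/IPv4/TCP bytes that a libpcap packet-handler callback receives as its `packet` argument, checking every header length against the captured length before reading, and fills a small flow record that a rule engine could then match. To keep the file self-contained and buildable without linking libpcap, a constructed frame is embedded in place of a live capture; the struct and function names are this example's own.

```c
/* Added example (not the paper's code): decode one captured frame the way a
 * libpcap callback would.  In a real monitor the buffer passed to
 * decode_frame() is the `packet` pointer that pcap_loop() hands to the
 * callback, and caplen is pcap_pkthdr.caplen.  Here a constructed frame
 * stands in for a live capture so the file runs without libpcap. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN      14
#define ETHERTYPE_IPV4   0x0800
#define IP_PROTO_TCP     6

/* Flow record filled for every Ethernet/IPv4/TCP frame (example's own type). */
typedef struct {
    int      valid;        /* 1 when the frame parsed as Ethernet/IPv4/TCP */
    char     src[16];      /* dotted-quad source address */
    char     dst[16];      /* dotted-quad destination address */
    uint16_t sport, dport; /* TCP ports in host order */
    uint8_t  flags;        /* TCP flag byte (0x02 SYN, 0x10 ACK, 0x18 PSH|ACK) */
    size_t   payload_len;  /* bytes of TCP payload present in the capture */
} flow_info_t;

/* Read a big-endian 16-bit field byte-wise (no alignment assumptions). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Return 0 on success; negative codes identify the layer that failed.
 * Every access is bounded by caplen, the length actually captured, because
 * pcap may deliver fewer bytes than the wire length (snaplen truncation). */
int decode_frame(const uint8_t *pkt, size_t caplen, flow_info_t *out)
{
    memset(out, 0, sizeof *out);

    if (caplen < ETH_HDR_LEN) return -1;                 /* short Ethernet header */
    if (rd16(pkt + 12) != ETHERTYPE_IPV4) return -2;     /* not IPv4 */

    const uint8_t *ip = pkt + ETH_HDR_LEN;
    if (caplen < ETH_HDR_LEN + 20 || (ip[0] >> 4) != 4) return -3;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;             /* header length incl. options */
    size_t total_len = rd16(ip + 2);
    if (ihl < 20 || total_len < ihl || total_len > caplen - ETH_HDR_LEN) return -3;
    if (ip[9] != IP_PROTO_TCP) return -4;                /* not TCP */

    snprintf(out->src, sizeof out->src, "%u.%u.%u.%u", ip[12], ip[13], ip[14], ip[15]);
    snprintf(out->dst, sizeof out->dst, "%u.%u.%u.%u", ip[16], ip[17], ip[18], ip[19]);

    const uint8_t *tcp = ip + ihl;
    size_t ip_payload = total_len - ihl;
    if (ip_payload < 20) return -5;                      /* short TCP header */
    size_t doff = (size_t)(tcp[12] >> 4) * 4;            /* data offset incl. options */
    if (doff < 20 || doff > ip_payload) return -5;

    out->sport = rd16(tcp);
    out->dport = rd16(tcp + 2);
    out->flags = tcp[13];
    out->payload_len = ip_payload - doff;
    out->valid = 1;
    return 0;
}

/* Constructed sample frame (not a real capture): Ethernet -> IPv4 -> TCP,
 * 192.168.1.10:49152 -> 10.0.0.5:443, PSH|ACK, 4 payload bytes "GET ". */
const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x2c, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0x0a,0x00,0x00,0x05,
    0xc0,0x00,0x01,0xbb, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x18,0xff,0xff, 0x00,0x00,0x00,0x00,
    0x47,0x45,0x54,0x20
};

int main(void)
{
    flow_info_t f;
    int rc = decode_frame(sample_frame, sizeof sample_frame, &f);
    if (rc == 0)
        printf("%s:%u -> %s:%u flags=0x%02x payload=%zu\n",
               f.src, f.sport, f.dst, f.dport, f.flags, f.payload_len);
    else
        printf("decode failed: %d\n", rc);
    /* A truncated capture must fail closed rather than read past the buffer. */
    printf("truncated (30 bytes): %d\n", decode_frame(sample_frame, 30, &f));
    return 0;
}
```

The bounds checks are the security-relevant part: an IDS reads untrusted bytes from the wire, so a header length field larger than what was captured must be rejected rather than trusted, otherwise the monitor itself becomes the attack surface.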
Source
Modern Computer (现代计算机), 2015, No. 6, pp. 67-71, 76 (6 pages)
Funding
Heyuan Social Development Science and Technology Project (No. 2013-113)