The Study and Implementation of Intrusion Detection and Security Policy Management System Based on Network Topology

Master's === National Cheng Kung University === Institute of Computer and Communication Engineering === 95 === With the rapid development and popularization of the Internet, people rely more and more on it; today, industry, commerce, government, the military and even individuals are inseparable from the network, which makes the damage and threat of attack or intrusion...

Bibliographic Details
Main Authors: Chin-Wei Chang, 張勁為
Other Authors: Chi-Sung Laih
Format: Others
Language: en_US
Published: 2007
Online Access: http://ndltd.ncl.edu.tw/handle/74292366750370509768
id ndltd-TW-095NCKU5652055
record_format oai_dc
spelling ndltd-TW-095NCKU5652055 2015-10-13T14:16:11Z http://ndltd.ncl.edu.tw/handle/74292366750370509768 The Study and Implementation of Intrusion Detection and Security Policy Management System Based on Network Topology 以網路環境為基礎的入侵偵測及安全政策監控系統之研究與實作 Chin-Wei Chang 張勁為 Master's, National Cheng Kung University, Institute of Computer and Communication Engineering, 95 Chi-Sung Laih 賴溪松 2007 thesis 103 en_US
description Master's === National Cheng Kung University === Institute of Computer and Communication Engineering === 95 === With the rapid development and popularization of the Internet, people rely more and more on it; today, industry, commerce, government, the military and even individuals are inseparable from the network, which makes the damage and threat of attack or intrusion behavior more noticeable. Network security devices have therefore become essential when deploying a network. One of these devices, the Intrusion Detection System (IDS), is used for detecting all kinds of attacks, intrusion behaviors, and anomalous behaviors; among the various kinds of IDS, the signature-based IDS is the most common, and it also has a high detection rate. However, as attack types and intrusion methods increase, a signature-based IDS must increase its detection rules to avoid false negatives. As the detection rules increase, the system must consume more memory and hard disk space to store them; in addition, the detection time increases and the CPU may also be overloaded. For these reasons, we proposed and implemented a system that reduces the rules using network topology data, and with this system we designed a distributed intrusion detection system architecture in which the amount of each IDS should be less and the average detection rules for each node should be less, too. Finally, we evaluated and verified our system with several experiments, and the results showed that our system can remove many unrelated rules without much increase in false negatives.