Abercrombie France,Personal Intrusion Detection Sy

kingu43vgg9

Personal Intrusion Detection System

Abstract intrusion detection system (IDS) can be on the system or network resources in real-time detection,[link widoczny dla zalogowanych], to detect intruders break into systems or networks, but also can prevent legitimate users of the misuse of resources . This paper from the basic theory of intrusion detection and intrusion detection is the key technology of departure,[link widoczny dla zalogowanych], the main study a simple web-based individuals on the windows platform implementation of intrusion detection system (PIDS, Personal Intrusion Detection System). Paper first analyzes the current status of network security, intrusion detection technology introduced the history and the key to the current theory of intrusion detection systems. Analysis of the Windows network architecture and development tools Winpcap packet capture and filtering structure. Finally, Winpcap system environment to achieve the system design. The system uses anomaly detection, real-time data through the Winpcap packet interception, while IP packets from the intercepted an overview of events to extract information and send it to intrusion detection module, using quantitative analysis method to analyze the information. System in the actual tests show that the quantitative characteristics for a good network intrusion detection. Finally, we summed the existing problems and system improvements, and the function of the system proposed under the development direction of the follow-up. Keywords: network security; intrusion detection; packet capture; PIDS 1.1 1.1.1 Overview of Network Security network security problems arise from different angles can make a difference on network security interpretation. General sense,[link widoczny dla zalogowanych], the network security is the security and control of information security in two parts. International Organization for Standardization to information security is defined as Internet and innate openness, interaction, and dispersion characteristics of the human longing for information sharing, open, flexible and fast and other needs are met. Network environment for information sharing, information exchange, information services to create an ideal space for the rapid development of network technology and wide application of the progress of human society provided a great impetus. However, it is the above-mentioned characteristics of the Internet, resulting in a number of security issues: (1) information leakage, information pollution, information not easily controlled. For example, resource use unauthorized intrusion, unauthorized information flow occurs, the system refused to deny the information flow and systems such as these are technical difficulties in information security. (2) in a network environment, some organizations or individuals for a particular purpose of information disclosure, information destruction, information and ideology of information penetration infringement, or even political subversion through the network activities to national interests and social and public interests and the legitimate rights and interests of the main types of threats. (3) the trend of the network using the whole society to participate, followed by a decentralized control of the management. Because people interests, goals, values differences, so that the protection and management of information resources out of line and vacuum, so that information security has become extensive and complex. (4) with a high degree of community of critical infrastructure information, society's 1.1.2 network information system security threat current network security threats facing information systems are: (1) the illegal use of services: The purpose of this attack the illegal use of network capacity unauthorized access to the network should be impossible. Unfortunately for the network to share resources and information tool, the program has many security holes, and use of these vulnerabilities can be visited on the system. (2) the identity impersonate; the focus of this attack is to trust in the network, there are IP spoofing and masquerading fake user name. (3) data theft: refers to the protection of important data obtained by unauthorized users, such as an intruder using wiretapping electromagnetic radiation or other means to inject user passwords, account numbers and other important sensitive information. (4) destroy data integrity: refers to the stolen through illegal means, the system must use the authority, and delete, modify,[link widoczny dla zalogowanych], forged some important information to interfere with the user's normal use of further attacks or to facilitate the invaders. 1.1.3 hosts on the network personal attacks to find each other first through the scanning machine can be invaded, that flaw detection; and then determine the machine's IP address; then use the appropriate tools to launch some kind of attack attack. Network sniffer, sniffer is a network monitoring tool (such as: sniffer), network interface, the tool can be intercepted by computer the other computer's data. Sniffer works in the bottom of the network environment, it will intercept all the data is sent over the network, and through the corresponding software contents of real-time analysis of these data, and then clearly state in which the network and the overall layout. Reasonable network sniffer is critical for system administrators, through the sniffer can monitor the data flow and network transmission of information to the administrator to determine network problems, manage network provides valuable information. However, if the hackers use sniffer, he can access and system administrators as important and sensitive information (such as: in a local area network, the sniffer can easily intercepted transmission over the Internet user names, passwords, credit card numbers and account number, etc.) and thus pose a threat to network security. Its working principle is: in a shared medium network (such as Ethernet), a segment can access all the network interfaces to transfer all data media. Each network interface hardware address and other network interface hardware address is different, and at least one for each network broadcast address. Broadcast address does not correspond to a specific network interface, but on behalf of all network interfaces. When a user sends data, the data will be sent to all available machines on the LAN. In general, all machines on the network can In other words, the workstation is Workstation B A not capture the data, but to simply ignore these data. When the sender would like to draw the network of all the attention of the host operating system,[link widoczny dla zalogowanych], he uses the Thus, in normal circumstances, a legitimate response to such a network interface should only be two data frames: one frame of the target area and local network interface with the hardware address that matches the second frame of the target area is a In both cases, the received data frame above, the host CPU generated by hardware interrupts, the interrupt can cause the operating system attention, and then included in the frame data to the system for further processing. The sniffer is a state of the local computer can be set to hardware interrupts are generated so as to alert the operating system handle for each segment through the message package. In this mode, the network interface to capture all the data frames on the network, which can achieve the purpose of monitoring.

	Forum SIMSON JAWA ROMET (!!) Strona Główna -> Kupię	Wszystkie czasy w strefie EET (Europa)
Strona 1 z 1