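Light Industry Vocational College, Zhengzhou Institute of Light Industry

Junior College Graduation Project (Thesis)

Title: Building a Snort-Based Intrusion Detection System

Student name:
Major and class:
Student ID:
Department:
Supervisor (title):
Date completed:

Abstract

With the continuous development of computer networks, the globalization of information has become a major trend in human development. However, because computer networks are characterized by diverse forms of connection, unevenly distributed terminals, openness and interconnectivity, they are vulnerable to hackers, crackers, malware and other attacks, so the security and confidentiality of online information is a very important issue. For military automated command networks and for computer network systems that transmit sensitive data, such as those of banks, the security and confidentiality of online information is especially important. Such networks must therefore have sufficiently strong security measures; otherwise the network will be useless and may even endanger national network security. Whether in a LAN or a WAN, there are vulnerabilities and potential threats arising from natural, human and many other factors. Network security is therefore becoming more and more important.

The Snort intrusion detection system is a typical open-source network intrusion detection system, and at present most commercial intrusion detection systems are developed on the basis of its design principles and implementation features. Research on the Snort intrusion detection system has considerable academic significance and high commercial value. This thesis studies Snort detection technology and goes on to develop a Snort-based intrusion detection system for the Windows platform.

The thesis first introduces background knowledge on intrusion detection systems, including the definition of intrusion detection technology, common intrusion techniques and intrusion detection methods, and then introduces, analyzes and installs the Snort network intrusion detection system. Next, to address the unfriendly interface of the original Snort, an intrusion detection system with a graphical interface is designed and developed on top of it for the Windows platform using an improved algorithm, and a corresponding intrusion detection output plug-in is developed for the VC list control. This makes up for the shortcomings of the original Snort system, whose console-based interface makes configuration tedious and operation complicated, improves its ability to interact with other programs on Windows, and has important practical value in accelerating the adoption of Snort on the Windows platform. Finally, an experimental demonstration shows that the improved intrusion detection system meets the needs of applications on the Windows platform well.

Keywords: Snort / VPN / intrusion detection

ABSTRACT

With the continuous development of computer networks, globalization of information has become the trend of human development. However, because computer networks are characterized by diversity of connection, uneven distribution of terminals, openness, connectivity and other features, the network is vulnerable to hackers, crackers, malware and other attacks, so the security and confidentiality of online information is a very important issue. For military automated command networks and for computer network systems that transmit sensitive data, such as those of banks, online information security and confidentiality are particularly important.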
Therefore, the network must have strong enough security measures; otherwise the network would be useless and could even endanger the country's network security. In both LANs and WANs, there are vulnerabilities and potential threats arising from natural, man-made and other factors. Therefore, network security becomes increasingly important.

The Snort intrusion detection system is a typical open-source network intrusion detection system, and most commercial intrusion detection systems are developed on the basis of its design principles and implementation features. Research on the Snort intrusion detection system has strong academic significance and high commercial value. This thesis is a study of Snort detection technology and further develops a Snort-based intrusion detection system for the Windows platform.

The article first introduces some background on intrusion detection systems, including the definition of intrusion detection technology, common intrusion techniques and intrusion detection methods, and then introduces, analyzes and installs the Snort network intrusion detection system. Then, to address the unfriendly interface of the original Snort, an intrusion detection system with a graphical interface is designed and developed on top of it for the Windows platform using an improved algorithm, and a corresponding intrusion detection output plug-in is developed for the VC list control. This makes up for the shortcomings of the original Snort system, whose console-based interface makes configuration tedious and operation complicated, improves its ability to interact with other programs on Windows, and has important practical value in accelerating the popularity of Snort on the Windows platform. Finally, an experimental demonstration shows that the improved intrusion detection system can meet application needs on the Windows platform well.
KEYWORDS: Snort, VPN, Intrusion Detection

Contents

1 Overview of intrusion detection technologies
    Definition of intrusion detection technology
    Role of intrusion detection systems
    Information sources for intrusion detection systems
    Overview of common intrusion techniques