Description: The ACID intrusion detection analysis console can provide a graphical user interface and Platform: |
Size: 116728 |
Author:肖玉 |
Hits:
Description: Deep Network Analyzer (DNA) is a flexible, extensible deep network analyzer (server software) and framework. It collects and analyzes network packets, network sessions and application-layer protocols (HTTP, DNS, P2P, VoIP, etc.), passively isolating enterprise-level networks. DNA is designed mainly for Internet security, intrusion detection, network management, protocol and network analysis, information gathering, and network monitoring applications. Platform: |
Size: 12617728 |
Author:秦宗全 |
Hits:
Description: Good Snort source code analysis material. The author first introduces the principles and architecture of Snort and then analyzes the Snort source code, which is very helpful for understanding intrusion detection. Platform: |
Size: 1344512 |
Author:lile |
Hits:
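Description: This paper first systematically analyzes the composition of Snort rules and describes the meaning of each part in detail, which is of great help for developing new intrusion detection systems and building one's own attack rule base. To meet the adaptability and autonomy the system requires, alongside the detailed analysis of Snort rules it focuses on the implementation of the rule base of a CVE-based intrusion detection system, the implementation of the underlying sniffer, and the sniffing process. It gives particular attention to pattern matching on rule signature options and presents an improved detection method that combines protocol analysis with pattern matching; on the experimental data this greatly improves efficiency and reduces the false-positive rate. In addition, the CVE knowledge base on which the system is built tracks the latest international CVE developments and establishes a unified domestic CVE standard, giving it a very rich knowledge base and effectively solving the problem of inconsistent vulnerability databases in China.-The author also describes the architecture and functions and the design and the implementation of the software. Intrusion detection systems (IDS) are very important for network security. The author systematically analyzes the composition and semantics of Snort rules, which may be of great help for creating a signature database. The paper then studies flexibility and self-controllability in the CVE-based intrusion detection system, emphasizing not only the analysis of the Snort rules but also the realization of intrusion detection based on CVE rules and the implementation of the sniffer. In particular, the paper covers intrusion signature matching methods, analyzes the weakness of using only pattern matching in intrusion analysis, and presents an improved approach that combines protocol analysis and pattern matching to detect attacks. It also gives an example to show how to use this approach. The experimental results show that the rules surely reduce the rate of misd Platform: |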
Size: 478208 |
Author:陈中 |
Hits:
Description: Firestorm is an extremely high performance network intrusion detection system (NIDS). At the moment it is just a sensor, but plans are to include real support for analysis, reporting, remote console and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible. Firestorm performs a lot better than all other systems I have tested (such as Snort and Prelude), by as much as a factor of 2. Platform: |
Size: 30720 |
Author:nathun |
Hits:
Description: Intrusion detection system source code analysis. 3. Able to analyze data packets and even to inspect and analyze system logs. Platform: |
Size: 2245632 |
Author:江尘封 |
Hits:
Description: In essence, Snort is a network packet sniffer. Running Snort without loading any rules simply displays the packets on the network. Snort's real value, however, lies in processing packets through its rules. Snort's flexible and powerful language can fully analyze every packet on the network and decide how to handle any particular packet. Snort can ignore the packet, log it, or alert the administrator. Snort has many logging and alerting methods, for example syslog, writing to a file, writing an XML-format file, and sending WinPopup messages. When a new attack technique appears, Snort can be upgraded simply by adding new rules. Platform: |
Size: 5405696 |
Author:betty |
Hits:
Description: There are two main approaches for implementing IDS: host based and network based. While the former is implemented in
the form of software deployed on a host, the latter is usually built as a
hardware product with its own hardware platform (IDS appliance).
In this paper, a host based intrusion detection system that uses the
idea of tracing system calls is introduced. As a program runs, it
uses the services of the underlying operating system to do some
system calls. This system does not exactly need to know the
program codes of each process. Normal and intrusive behaviors are
collected by gathering the sequences of system calls for each
process. Analysis of data is done via data mining and fuzzy
techniques. Data mining is used to extract normal behaviors
(normal unique rules) and fuzzy techniques to enhance the intelligence of the
system. The proposed system is shown to improve the
performance, and decrease size of database, time complexity, and
rate of false alarms. Platform: |
Size: 710656 |
Author:keerthi |
Hits:
Description: This paper combines the characteristics of IDS and IPS and integrates protocol analysis, network traffic analysis and deep packet inspection to propose a new network defense system, the "Network Distributed Intrusion Prevention System Base on the Protocol Analysis" (NDIPS). It also gives a basic implementation of the system and uses existing simulation conditions and network infrastructure to carry out the necessary evaluation and verification of some of the detection and prevention techniques. The system improves the network's ability to block intrusions in real time and raises the overall security of the network. Platform: |
Size: 4255744 |
Author:sdjgkj |
Hits:
Description: Network intrusion detection source code written in VC and based on WinPcap. It captures and analyzes network packets and filters network traffic according to filter rules.
Platform: |
Size: 2836480 |
Author:武东亮 |
Hits:
Description: The core technique of intrusion detection is to obtain information from the network and analyze that information to determine whether an intrusion has occurred. Platform: |
Size: 1593344 |
Author:houying |
Hits:
Description: Implementation of a simple intrusion detection system.
Determines from rules whether packets conform to the rules.
Can invoke the built-in Windows XP firewall on the specified local machine and change the port mapping table. Platform: |
Size: 10240 |
Author:1220tuantuan |
Hits:
Description: Source code for neural network intrusion detection, together with some simple analysis data from experimental results. Platform: |
Size: 131072 |
Author:璐璐 |
Hits: