Design and Implementation of IDS Device Detection Tool

doi:10.3969/j.issn.1671-1122.2016.05.004

Abstract

Abstract:

With the rapid development of Internet, network attacks, intrusions and other security problems become increasingly serious. In order to protect the security of networks and computer systems, various network protection tools are emerging, such as firewall, IDS, etc. And IDS has already become an important way to protect the system and network. In order to keep system and network more security, IDS need to be test and evaluate more promptly. Although there are some IDS device testing tools, but there are still some limitations in them. How can it be tested and evaluated convenient and efficient has become the focus of current research. This paper designs a set of IDS device detection tools to analysis types of IDS rules, restructure them, and generate unified alarm file. Through the analysis of alarm files, the rate of false positives and non-response of IDS device can be calculated. It implements structure of different characteristics rules packet. As to different types of alarm information it can analysis and generate alarms unified file. So it has some value of general use.

Key words: intrusion detection, detection tool, rules resolve, restructuring, packet structure

CLC Number:

TP309

Guozhen SHI, Meng ZHANG, Peng FU, Mang SU. Design and Implementation of IDS Device Detection Tool[J]. Netinfo Security, 2016, 16(5): 23-29.

Figures/Tables 11

References 17

[1]	PUKETZA N J, ZHANG K, CHUNG M, et al.A Methodology for Testing Intrusion Detection System[J]. IEEE Transactions on Software Engineering, 1996, 22(10): 720-728.
[2]	LIPPMANN R, HAINES J W, FRIED D J, et al.The 1999 DARPA Off-Line Intrusion Detection Evaluation[J]. Computer Networks, 2000, 34(4): 579-595.
[3]	ALESSANDRI D.Using Rule-Base Activity Descriptions to Evaluate Intrusion Detection System[C]// Springer. Third International Workshop on the Recent Advances in Intrusion Detection, October 2-4, 2000, Toulouse, France. Heidelberg: Springer, 2000: 183-196.
[4]	刘伟,李泉林,芮力. 一种入侵防御系统性能分析方法[J]. 信息网络安全,2015(9):46-49.
[5]	黄沁峰. 入侵检测系统测试与评估方法的研究[D]. 成都:四川大学,2005.
[6]	刘涛. 入侵检测系统的评估方法与研究[D]. 保定:河北大学,2008.
[7]	戚名钰,刘铭,傅彦铭. 基于PCA的SVM网络入侵检测研究[J]. 信息网络安全,2015(2):15-18.
[8]	徐明,陈纯,应晶. 基于系统调用分类的异常检测[J]. 软件学报,2004,15(3):391-403.
[9]	胡华平,陈海涛,黄辰林,等. 入侵检测系统研究现状及发展趋势[J]. 计算机工程与科学,2001,23(2):20-25.
[10]	骆德文. 网络安全态势感知与趋势分析系统的研究与实现[D]. 成都:电子科技大学,2008.
[11]	汤健,孙春来,毛克峰,等. 基于主元分析和互信息维数约简策略的网络入侵异常检测[J]. 信息网络安全,2015(9):78-83.
[12]	邢雪霞. 基于数据挖掘的网络入侵检测系统的研究[D]. 成都:成都理工大学,2014.
[13]	何全胜,姚国祥. 网络安全需求分析及安全策略研究[J]. 计算机工程,2000,26(6):56-58.
[14]	何鹏程,方勇. 一种基于Web日志和网站参数的入侵检测和风险评估模型的研究[J]. 信息网络安全,2015(1):61-65.
[15]	刘伟. 现代体系结构上的网络入侵检测系统[D]. 厦门:厦门大学,2008.
[16]	Net Security. IDS Informer [EB/OL]. .
[17]	张明,许博义,许飞. 一种基于混合模式的Web入侵检测系统架构研究[J]. 信息网络安全,2015(9):6-9.