
Snort Analysis and Applying Visually

Author: LvMing
Tutor: ZuoZhongPing
School: Huazhong University of Science and Technology
Course: Software Engineering
Keywords: Snort NIDS Rule Preprocessor Detection engine
CLC: TP393.08
Type: Master's thesis
Year: 2008

Abstract


As computer networks have developed, network security has become an international problem; every year, damage to computer network security systems around the world causes economic losses amounting to tens of billions of dollars. Snort is a lightweight network intrusion detection system (NIDS) based on libpcap ("lightweight" meaning that detection has minimal impact on the normal operation of the network). It has the features a good lightweight NIDS should have, such as cross-platform operation and minimal impact on the system, and it allows administrators to respond to security events in real time, within a short period, by modifying the configuration. As an open-source network intrusion detection system, Snort has very good scalability and portability, and it has become an important subject of analysis for many research institutions and network security vendors. Snort has three operating modes: sniffer, packet logger, and network intrusion detection system. It can analyze data flows in real time and log packets on IP networks, and it can perform protocol analysis and content searching and matching. It can detect a variety of attacks and raise alerts on them in real time. This thesis studies Snort's overall framework in depth. When Snort starts, it uses the information in the configuration file to read all attack rules from the rules files line by line and builds them into a three-tier linked-list tree. It then uses libpcap to capture packets from the network card in a loop and decodes them according to the TCP/IP protocols, storing the result in a Packet data structure that contains all the information about the packet. The packet is then passed to the preprocessors for any necessary preprocessing, such as IP fragment reassembly and TCP stream reassembly. Finally, it is sent to the detection engine, where the packet is matched against the rule linked-list tree; if a match succeeds, an alert is raised.
Therefore, this thesis divides Snort's entire detection process into five modules: the rule processing module, the packet capture and decoding module, the preprocessor module, the detection engine module, and the alert output module. For each module, it introduces the corresponding data structures, algorithms, features, and principles, and presents the most important functions in pseudocode; the most important module in Snort, the detection engine, is described in the greatest detail. Because Snort's visualization capabilities are weak, adaptive improvements were made: parts of the code were modified, and a scheduler program, Detector, was written and used to configure Snort's parameters, send scheduling commands to Snort, and receive and process Snort's alert information.
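
As an added illustration (not code from the thesis or from Snort itself), the example below builds a three-tier rule tree and runs the matching step the abstract describes. It assumes the three tiers are rule action, rule header, and rule options, handles only `->` rules with `msg`, `content` and `sid` options, and uses constructed rules and a constructed packet.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample rules (Snort rule syntax; sids and messages are made up).
RULES = '''
alert tcp any any -> 192.168.1.0/24 80 (msg:"cmd.exe in HTTP request"; content:"cmd.exe"; sid:1000001;)
alert tcp any any -> 192.168.1.0/24 80 (msg:"passwd file in HTTP request"; content:"/etc/passwd"; sid:1000002;)
alert udp any any -> any 53 (msg:"DNS query seen"; sid:1000003;)
'''

RULE_RE = re.compile(r'(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')

def build_tree(text):
    """Tier 1: action -> tier 2: rule header -> tier 3: list of option nodes."""
    tree = defaultdict(lambda: defaultdict(list))
    for line in filter(None, map(str.strip, text.splitlines())):
        action, proto, src, sport, dst, dport, opts = RULE_RE.match(line).groups()
        node = {}
        for key, val in re.findall(r'(\w+)\s*:\s*([^;]*);', opts):
            node[key] = val.strip().strip('"')
        tree[action][(proto, src, sport, dst, dport)].append(node)
    return tree

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _port_ok(spec, port):
    return spec == "any" or int(spec) == port

def detect(tree, pkt):
    """Return (action, sid, msg) for matching rules; each header is tested once."""
    hits = []
    for action, headers in tree.items():
        for (proto, src, sport, dst, dport), opt_nodes in headers.items():
            if not (proto == pkt["proto"] and _addr_ok(src, pkt["src"])
                    and _port_ok(sport, pkt["sport"]) and _addr_ok(dst, pkt["dst"])
                    and _port_ok(dport, pkt["dport"])):
                continue  # header mismatch skips every option node below it
            for node in opt_nodes:  # a rule without content matches on header alone
                if node.get("content", "").encode() in pkt["payload"]:
                    hits.append((action, int(node["sid"]), node["msg"]))
    return hits

TREE = build_tree(RULES)
# Constructed packet, shaped like a decoded Packet record (field names assumed).
PKT = {"proto": "tcp", "src": "10.0.0.5", "sport": 40000,
       "dst": "192.168.1.10", "dport": 80, "payload": b"GET /scripts/cmd.exe HTTP/1.0"}
```

The two TCP rules share one header node, so a packet to another port or subnet is rejected after a single header comparison instead of one per rule.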
