Summary: | Master's === Chung Yuan Christian University === Graduate Institute of Information Engineering === 89 === An intrusion detection system (IDS) is an essential part of the overall security framework;
thus we pay close attention to the issue of IDS refinement.
From other IDS research, we find that general IDSs are able to
detect intrusions, but hardly let a system administrator
easily model a new IDS according to their architecture. Hence, we propose
a fast prototyping framework for intrusion detection.
In this thesis, we investigate different IDSs and try to find the elements
they have in common, which helps realize the fast prototyping framework. After
observing the main elements of an IDS, we found that its essential elements can be interpreted as
software layers. Hence, a multi-layer IDS (MLIDS) is proposed to accomplish the goal of
fast prototyping for intrusion detection. However, the multi-layer IDS design
concept is far from the all-in-one IDSs of the past, so we describe why
and how to use multiple layers when modeling an IDS with MLIDS. Through
software pattern analysis, the MLIDS framework then becomes more concrete and real.
Besides the implementation, we show how to add components to layers in
the MLIDS framework and demonstrate some applications. To justify its fitness
for a variety of environments, we discuss its efficiency, capacity, and performance.
|