IDS设备检测工具的设计与实现

摘要

With the rapid development of Internet, network attacks, intrusions and other security problems become increasingly serious. In order to protect the security of networks and computer systems, various network protection tools are emerging, such as ifrewall, IDS, etc. And IDS has already become an important way to protect the system and network. In order to keep system and network more security, IDS need to be test and evaluate more promptly. Although there are some IDS device testing tools, but there are still some limitations in them. How can it be tested and evaluated convenient and efifcient has become the focus of current research. This paper designs a set of IDS device detection tools to analysis types of IDS rules, restructure them, and generate unified alarm file. Through the analysis of alarm ifles, the rate of false positives and non-response of IDS device can be calculated. It implements structure of different characteristics rules packet. As to different types of alarm information it can analysis and generate alarms uniifed ifle. So it has some value of general use.%随着互联网的高速发展，网络攻击和入侵等安全问题日益严重。为了保护网络和计算机系统的安全，各种网络防护工具不断涌现，IDS已成为保护系统和网络安全的重要手段之一。为了更好地维护系统和网络安全，用户对IDS进行测试和评估的要求也越来越迫切。现有的对IDS设备进行测试的工具都具有一定的局限性，因此如何高效、方便、快捷地对IDS进行测试和评估成为当前的研究重点。文章设计了一套IDS设备检测工具，能够对不同类型的IDS规则进行分析、重组，并生成统一的报警文件，通过对报警文件的分析，可对IDS设备的漏报率、误报率等进行检测。文章设计的系统能够实现不同特征规则的检测数据包构造，对不同类型IDS设备的报警信息进行解析，生成统一的报警文件，具有良好的通用性和使用价值。