NETWORK PACKET INTRUSION DETECTION SYSTEM AND METHOD BASED BY LINUX

摘要

PURPOSE: A packet intrusion detecting system in a Linux based network and a method thereof are provided to successively detect intrusion for other network packets during examining intrusion for the Linux based network. CONSTITUTION: A kernel space driving unit(110) receives a policy for network packets from a user space driving unit(120). The kernel space driving unit applies the policy to the network packet stored in a kernel packet queue. The user space driving unit stores a user packet queue to the network packet transmitted from the kernel space driving unit. The user space driving unit establishes the policy for the network packet. The user space driving unit transmits the established policy to the kernel space driving unit. [Reference numerals] (101) Application process; (102) Network card; (110) Kernel space driving unit; (111) Packet collection analysis module; (112) Policy check module; (113) Kernel policy rule DB; (114) Kernel packet queue; (115) Queue monitoring module; (116,121) Net link transeiving module; (117) Queue and policy processing module; (120) User space driving unit; (122) Authentication request processing module; (123) User packet queue; (124) User questionnaire module; (125) User policy rule DB