1. Home
  2. Luận văn tổng hợp
  3. Tìm hiểu hệ thống phát hiện và ngăn chặn xâm nhập IDSIPS

Tìm hiểu hệ thống phát hiện và ngăn chặn xâm nhập IDSIPS - Pdf 25

MỤC LỤC
MỤC LỤC 1
LỜI NÓI ĐẦU 4
Chương 1:Giới thiệu về IDS/IPS 5
Chương 2: Hệ thống phát hiện xâm nhập 6
Hình 1: Mô hình hoạt động của một hệ thống IDS 7
Chương 3: Hệ thống ngăn chặn xâm nhập 12
Chương 4: Phân loại IDS, IPS 17
Hình 2 : Ví dụ về một NIDS phát hiện các dạng tấn công cơ bản 17
Hình 3 : Mô hình hệ thống NIDS 18
Hình 4 : Ví dụ về HIDS hoạt động phát hiện các tấn công tới máy chủ 19
Hình 5. Mô hình hệ thống HIDS 20
Chương 5: So sánh IPS và IDS 22
TÀI LIỆU THAM KHẢO 24

  
 Mô hình hoạt động của một hệ thống IDS 
 Ví dụ về một NIDS phát hiện các dạng tấn công cơ bản 
 Mô hình hệ thống NIDS 
 Ví dụ về HIDS hoạt động phát hiện các tấn công tới
máy chủ

 Mô hình hệ thống HIDS 
 IPS ngoài luồng 
 IPS trong luồng
-1-
-2-
 !"#$
"% "&'()&)*&(%+'&),
"-% "&'(-).)&(%+'&),
"- "&'()&)*&(/-).)&(

q37b&4&]6,6&L19&6.3f*bed,P1&(
6&L,;G
(*r;*UO.O&F4IU&A*.3I6,&Y*&UK
7O&3*QN,I5&9Is>&U'N&.3I+U&7:,GN,&Y*
67O&3[&,(P7E?*'Y7994Pec&*Q*9*M+4*9*5.3
'YN1l*Q*9*`;'.K7:\17O&33+7E?*(3&6k4&J7N
N,*\),*N&:\&I6,&(K*A.3*5.6*'3+G
N,*\),e*d&3*W,kt
-4-
Chương 1:Giới thiệu về IDS/IPS
1.1. Khái niệm
& 6&L19&6.3f*bed,P1"%n"-% RI&'(
D)&)*&(S+'&), /I&'(P).)&(S+'&),X7E?*7au=3,&1M
,O,(b*,&&U&`a*+K/B*NIWf19&6ed,P1.3*N&:
f*b*9*+*kd+,[&G
Y**[&&&*N&::.O"%n"-%,&*9*7kW=3,&6
&L`(v,*A7Y*W*56"%.3"-%G"%.3"-%*N[&
O7:,*4/(7N6&L "%/"-% *N&:7E?*Z*=3 IDP-
I&'( D)&)*&(/P).)&(R"-%n"%XGO7b*7:,4IU&\*41d
=(;"%4"-%'<7E?*N,&`3+H,B*'G
1.2. Hoạt động
qU(;&7&)(I:P/;,wN&N'<'(&C&JN
.D>,w&[*5,3N*N4U&Cxy=3=(;N&[*5xy*W
`9((b*f*W=5G6+7'L"%n"-%(;&7&)(I:3+G+
KUI:&[*5,D&"%I5P`U&7E?*4K1W*P1P&
=z&EFe+KLE*P1P&.'G
qU(;&7&)(I:1d&@*N&5,&"%&)(/p
,;e),*N6&E?`[&&EF+I54.31WA=;G{?7:,=3
*N&:P`U&*9*I:&[*5,D4EO&EF?1`a`9(7
M,RI51W&EF?1&[*5,3.wd+`9(7XG

INEF/C+7a*}"-v7N&+*P16&L,;4•
IDS*h*N&:1d`6&>>&[*5`K&(&J`K&(
R&J>EF&(*5&+X+&[*5&J`K(3R&J*9**I)XG"%
19&6/Y&K*9*/[67b*`6&.O*9*+*k78`U&RLE*9*
-6-
*9*1M,O,/6&.'/Y.3(*9*/[67b*`6&7:19&6.3/6&
.'X+/Y&K'('9=E&5,;6&;.Dbaseline R&5'L7(
7;**g*Q6&LX7:&,*9*/[6I9*&EFG
 A*fV&Z[&jgiám sát - cảnh báo - bảo vệ
Giám sát :=E=E?,;€*9*(;&7IWG
Cảnh báo : `9(*9(.O&&;,;*(6&L€3VW&aG
Bảo vệ : C>&U&=P1,b*7a.3'Y*[&J3VW&a
,3*N>37&U&&Y**L=;ISed,P1.319(;G
 A*f,Hj
Phân biệt : •&C&(b*(3•G
Phát hiện :>/[6`[&&EF/Y&K>78`U&(b*
F.3('Y'('9&5=E?,;6&;.Dbaseline.
Hình 1: Mô hình hoạt động của một hệ thống IDS
‚*W,`U7E?*&@*?1.D&31M'E&P1/>=6RGXƒ
,&`&;('YI6G9*'E&P13+7E?*e9*7a`H*@'9*&;('YI6
7:7au*U7=Z*&5&'YI6G‚&;('YI6R67O34,;4
A/BX**[1,&'L*@'9*&@*?1*(*9*'YI64*N&:=3,&
`W*9*'YI6*Q6&L(b**9*N,;G%L*@'9*3+*C
.D&5&*@'9**N&:7E?*=E&(6&L7E?*`W(.6(b*`K
(3G(&EF?13(7N4.@/B4I=v/>=6'YI67E?*&+O
-7-
&W&Y*&U17U`1d&@*,3I5*N'Y=E/>=63(7E?*&Y*6G
„O3+*h=KV,&*\&3(7N7U*9*N,;G
&r*Q`*W,`U=3/C7:=Z*&5&.3=(;`s/>=6
I5&Ek&@*7;&7E?*&J*9*'YI6=KV.D6&L`W(.64.

-8-
V7U`W(,P&7O7E?*IU&?1.3(**I:,7a.37E?*/a*/ED
/;+K&^*2q&)q)=')G{[+.@/B†'/(,‡%)').3(,1&)†&*
R7E?*19&&:&;‡XG
- Phân tích dấu hiệuLE1Ek1916&Lˆe1)&41Ek
1913+/Y&K>:`U&.O&[*5G\`U7T'Y,5&W.O>
u&J*Q,z&[*5&37a/;I:,7a&@*?1GE.P+4/[
6&[*5*N&:7E?*&,&[+&(*9*`W(b*7M.3(*Q=v
/>=6&)(,&*9*/‰:G&Ia*`W&[*5*N&:7E?*,5&W4.@/B
E,&*z'YI6I:,7a7L.D*9*&[*5(b*,w/>=6*N&:
&,IU,78=[+7E?*&(**I:,7aG-Ek1913+']/B*9*&J
&Ek7Ek&J&E?*Q/>=6I:,7aG%Y19&67E?*&Y*6
`_*9*']/B*z.f`W*?1.D*9**k*UG„:4N=3
,&Ii&P&[&,;.3&EF7E?*']/B&(*9*6&L&Ek,;
R.@/BE%&=I)4Š)=%)*)4)&Š)4ˆ,)=/)‹1)&q‚%XG
- Phương pháp Colored Petri Nets&EF7E?*']/B7:&TV9&
N*9*&[*5&J>:`U&*k`W.37:&:6*9*&[*5&)(7v
ZG6&L""0*Q7;Z*-/)']/B(=()/-)&)&'GDIi
&P&3+4*9*VW&a.K'</‰/3k&(.6*`T'&K,/[6
,DGb*/C.P+4.6*=3,*(?1,&/[61A*&;1.D/>=6I:,
7a=3,&.[7Od+&LO&FG|i&P&3+I57E?*']/B
&(*9*6&L&Ek,;G
- Phân tích trạng thái phiên4,&&[*57E?*,K&W`_,&&P1
*9*,B*&K.31K*M7E?*&Y*6`H,&ISed,P17:d+&T;
6&LG9*1K7E?*&`3+&('k7v&;&91KG
- Phương pháp phân tích thống kê47d+=31Ek191&EF7E?*
']/BG3.EF/C(b*6&LR&P1*9*&*&@X7E?*&@&)(
,&'L`U&FG@/B4*9*`UE=3j7fP1EF/C47f
e[&4'L2=)&+P1&(,&*IŒ&F46'[&']/BI5
7u4`D4-•4•IŒd*[1*N&:&+7T&J,&.31\&7U,&

P*(,zEF/CG‚[&*AI3(,&'YI5?1=67E?*19&6
&,&*W`9('<7E?*'G
- Computer immunology Analogies.D'YK*A,‰/a*7E?*
*Q7a7:19&&:*9*Ii&P&7E?*ed+/Y&J,53.&5
&EF&(*9*/a*.B,;•"‹k=3EF/CK=SG53+
v,*N*9**z^**Z6&L7E?*&;(&3`H*9*V9&G9*
&[*5I&9*=zT&(,8A/B[&*NIWfd+7EF
/w&Y*&I5`&EFG„M&K4,&&P1/>=6I:,7a&,
*U7E?*'E&P17:&`3+3.?1=6*Q*9*/a*.B4'7NIU
&A**k`W7E?*`T'&K,.D&[&*W*9**z7E?*`U&p.O**Z6
&LG9*,w7N'7N7E?*']/B*(.6*I:,&=K&B**9***Z
-10-
6&L47:e),*z7E?*&;(787E?*=6&IK&(*k'HIU&A**E•
UI54,&`9(*W'<7E?*&;(G|i&P&3+*N&}=6`9(*W'[&
&[1GH;*QN=3'Y`[&=Y*&(.6*19&6=z&(*[/a*
.B,;G
- Machine learning RK*A*k*UXG„d+=3,&Ii&P&&5
,d&;(4N=E=v=67MEF/C.3(*9*`:,w.)*&(
.3']/BE,&&,*U*Q1(2=)3.EF/C&5&EFG
9*1(2=)'7N7E?*N,.3(&(,&&E.6=6EF/C*N*9*
&31M*3(7NG
- Việc tối thiểu hóa dữ liệu&EF1W/C7U,&'LIi&P&']
/BV9&&@*/>=6*E`U&E*NIWf>/B&ED*7N&J
>.a&@/>=67E?*=E&>.D'L=E?=DG1Ek191&L&:/>
=63+.E?&&k7L.D.6*']=l`W6&L=DR/>=6I:,
7aXGb*/C.P+4*\Ic,>/B7L.D.6*1d&@*=v=E=E?
,;G&&(>Ii&P&&L&:N/>=6*k`W7E?*']/B
&(19&6ed,P17E?*IU&?1.D*9**d+19V+U&G9*,5
*d+19V+U&*(1c17N*N&:19&6*9*'Y`[&&EF&(,&*k
'H/>=6=DG|i&P&I9*1W/C7U*9*7(;4*(1c1&@*,w*Q

,;G
€|+ED.u,5j19&6.3f*b*3O*3&L&47d+
=3I+ED*Q6&L19&6ed,P1"%G
€|+ED.,5jED*U&=3f*b&[&*W*9***&[*5
*N&@*[&K,&Z7L.D,;7Z&74'7N=31d&@**9*
7OI6*N&:eW+*9***&[*5,D4_,,B*7@*W,&:7U
,A*&L7*9***&[*5,;G
9*6&L"-%*N&:7E?*&:I/ED&A**9*‘&)Ž+7:
19&6.3f*b,&*9*6VW*9***&[*5,;4W,&:
&F*U&*Q,;.3*9**1@WEH7U6VWZ&7*Q
,;G9*6&L3+7E?*&:IH>.a&@_,r1;,.
-12-
I:,'N&*Q&EF=]4*NIWf19&6*9***&[*5,&*9*
*@e9*&5V1d&@*=E=E?,;/EDO1Ek191_,
77UIU&=P*@e9*.O,B*7@*&P&'Y*Q,&IU&L7U,;..P+
*N&::7E?*7N=3,&IU&L&*P++=3I5&*P+GJ.6*1d
&@*&K46&L*N&:&Y*6O&9*.BE*c1R&;(&32=)
P&IlX4*W`9(4eN*9*IU&LI5&*P+&J7NEFVW&a,;'<
*N>791AIa1&F.D*9*&&;`a&[*5+:,(b*=3*N
*9*37?1=l7L.D&J&EF?1G(3*9*6&L"-%*r
**[1*9**5*B1d&@*.37O&\1*(EFVW&a,;:
7E?*.O>7/‰&K,;.37E*9*V+U&7a'9'L&4
N11M=3,&f6VW*QW191,;G
O6&L"-%*r*NIWf&:IH*U7&B77:&
P.31d&@*N/>=6*(1c1VW&a,;*N7E?*&5&.O=E
=E?.3>+*k&v&;&K,;G+.P+*\.w*N&:7E?*
*+:'*U7/Y1r(b**U7&)Ž++IEFVW&a
,;*W,&[+_6&L7`aed,P14&[*57:*N&:1WA
&ED**9***&[*54=(;`s=E=E?(b**9*IU&LIW7:7W,
`W(_*9***&[*57NI5&:d+WEH7U6&LGGG

**&[*5GN1Ek1917:19&6*9***&[*54ed,P1
=3/r'Y=;,/B.3/r'YI5`&EFG
q-Ek191/r'Y=;,/Bj-Ek1913+1d&@**9*(;&
7*Q6&L4&,IU,*9*'YI6L.D*9*,w&[*578`U&
&ED*G9*,w&[*5`U&&ED*3+Z=3*9*/[6&[*5G(.P+
1Ek1913+*r7E?*Z=31Ek191/r/[6G|:19&6&[
*53+*NE7:,=319&6*9***&[*5.3*@e9*4I5
7E*9**W`9('=3,W,IW’(;&7*Q,;.3\1*9*
EFVW&ae9*7a*9*=zT`W(,P&&(6&L*Q,G+
K41Ek1913+*NE?*7:,=3I519&67E?**9***&[
*5I5*N&(*k'H/>=64*9*I:&[*5,D4/(.P+6&L=5
1W*P1P&*9*,w&[*5,DG
q-Ek191/r'YI5`&EFj„d+=3Ii&P&/r&5
,4P/;*9*37I5`&EF*Q,;G•6,
*Q1Ek1913+.O*9***&[*5=3I9*'(.D*9*(;&7&5
&EFG‚7M4*\=E&>*9*,5&W'k=E?*.O*9*(;&7`
&EF*Q6&LG9***&[*5'<*N>37I9*'(.D
-14-
`&EF.31Ek191/r3+*N&:P/;GN,&'LIi&P&\1
&Y*6/r'YI5`&EF*Q*9***&[*5E/ED7d+j
€-9&6,A*E…j|i&P&3+[,;.6*7(7U,*9*(;&
7`&EF&K,;G9*,A*E….O*9*(;&7`&EF
7E?*7b&GU*N'Y`[&&EF3(7NE7’P1.D'L=MV9V+
7a4'L=E?*9*&U&(;&7&K-•4'L=E?,&=(;N&
7E?*].E?&V9,A*GGG&6&L*N/[6`a&[*5G
€-9&6FV9&&YZ*j|i&P&3+`(v,`ED*G|
`^&7M&U&=P146&L19&6&[*5'<*;+H*U7&YZ*.3&;(
,&v'k.O*9**Ee]*Q,;.D*9*(;&7`&EFG%&F
IH&;(46&L'<*;+H*U7=3,.6*4&U3&)(/p419&6
*9*(;&7`[&&EF*Q,;`_*9*'('9.Dv'k78&U&=P1G

`^&7M&[*54/w7U&&;&[*5e(v,D`^&7M*&61G
-Ek1913+I56VW.D*9*(&A*(;&7&K•-E
%4(3*9*N&*&611W*N&EF&A&Y7\E*9*N&
&(1K=3,.6**Q&U&&[*5GU&U&&[*5eW+
&[&IN&Y*67E?*1Ek1913+G
q“`s&[*5j|i&P&3+/C&EF=]7:Q+`sN&(b*
*b7EF,&N&7k4,&1K=3,.6*(b*,&=v&5&&[
*5G|:1WA3+=3&(3[&E=;*NE?*7:,=3/‰M,
.D*9*N&?1=6G
q+7T*9**@'9**Q&EF=]j|i&P&3+*(1c1EF
VW&a*[=;*@'9*`W(,P&I**&[*5eW+G%Y*[
=;=3&;,&F&+7T*9**@'9*7OI:&+P1`HEF/C7b*
`6&&(I*W`9(&DEFVW&aG
qW`9(&F&Y*j‘]*9**W`9(&F&Y*7UEF
VW&a7:Z^,7E?**&U&*9***&[*54*9*7b*7:,.3&5&
.O*\G
q‘=;.3(&61&j9*/>=6*Q*9*N&'<7E?*=E&>&(6
&L*9*&61&=(GB*7@*7:*9*EFVW&a*N&:&)(/p*9*=v
&5&.3=3v&5&\1*(,(/=19&6&[*5(;&7G
-16-
Chương 4: Phân loại IDS, IPS
4.1. IDS
N=(;"%=3 Network Based IDS R"%X.3 Host Based IDS
R"%Xj
4.1.1. NIDS-Network Based IDS
„E?*7b&>IU&L6&L,;`K&(.3,;`K(37:
9,'9&&(3`=E=E?.3(G
Hoạt động: &)&Ž(Iq‚')/"%'<I:,&*9*(&U1&K
,;.D&F&Y*R)=q&,)XGNI:,&*9*(&U14Vc&)/)*Q
*9*N&4.3*N&:I:,&/*Q*9*N7N7:19&6*9*7(;

7E?*9,'9&.3=;G{3&U&`a`W(,P&*(19&6*9*&[*5&Y*
&U1&D,&,9+*QG
Hình 4 : Ví dụ về HIDS hoạt động phát hiện các tấn công tới máy chủ
"%7E?*&U&IU(;&7*Q+U&K67O3†/(Ž'4,b*
/C.P+.w*N*9*'W1g,(;&7&(OA/B•"‹.3O6
7O3I9*G
€@&@j*37b&*B*`&K,9+&@.3/;,9+&@xy=(;&k
"%G
€{(;j'(2&Ž)G
€6,.Bj1d&@*=E=E?.3(,;*+:&D,9+&@*3
7b& "%G
€”7:,j37b&&KO/;,9+&@je9*&+4-4,9+*QGGG-d
&@*=E=E?,;v,D2(Ž/G
€E?*7:,j„'L*;+&K67O3†/(ŽG+K*h
78*N'L*;+7E?*&K•e.3>67O3I9*G
-19-
Hình 5. Mô hình hệ thống HIDS
4.2. Phân loại IPS
NI:IU&\*"-%*@=3"-%(3=v.3"-%&(=vG
4.2.1. IPS ngoài luồng
6&L"-%(3=vI5*&61&Y*&U1.3(=v/>=6G
{v/>=6.3(6&L,;'<*C7V&EF=].3"-%G"-%*N&:
I:,'(9&=v/>=6.3(41d&@*.319&6*9*/[6*Q'Yed,
P14&[*5GD.a&@3+4"-%*N&:VW=l`A*&EF=]4*}/wN
*b=;*9*37F,3I5=3,WEH7U&L*7=E
&5*Q,;G
Hình 6: IPS ngoài luồng
4.2.2. IPS trong luồng
a&@"-%_,&ED*`A*&EF=]4=v/>=61W7V"-%&ED*
I&D`A*&EF=]G„:,I9**@'(.D"-%(3=v=3*N&K,*A*

qD"%4.6*791A=;*9***&[*5*}*N&:e[&6'
IN&*Q**&[*5787&D7@*4=\*7N.6**L=;&[*5=3
.6*N]*9*+K*M7U*9*,9+*Q6&L7:e(9*9*IU&L7U,9+
&[*5.3,9+*Q4(b*=3]&5&&5`9(7U&EF=]R–)Ž==X
7:&EF=]&Y*6*A*f*QN4&+K4.6*=3,3+75I=;
d+&9*71B7U6&LG@/BEU&&*I)W,;(R'22)X*Q
,&7L&9*4"%-4+=3I9*347:&;(,&**&[*5&J*L/a*.B
&*N&:&[+_4,b*/C"%*N&:*b7E?***&[*5&J*L/a*
.BEN*h'<‚=(*I=5*W"-*QI9*34*Q"%-4*Q7L&9*4
-22-
E.P+&6&;.w&v&;.3*(E6A1B*Q(%&3*5,b*
/C**&[*5&J*L/a*.B&[&`;GE.D"-%&I9*N'<19&
6+&J7M/[6*Q**&[*5.3'7N=3I(9+*9*=E
=E?,;3+&,D*NIWfW,&:7E?**9***&[*5G
-23-

TÀI LIỆU THAM KHẢO
—˜G />—˜G />—˜GmGiáo trình Công nghệ mạng”GZ*.6|
-24-

Nhờ tải bản gốc

Tài liệu, ebook tham khảo khác

Học thêm

Music ♫

Copyright: Tài liệu đại học © DMCA.com Protection Status