嵌入式入侵偵測系統

Abstract

許多入侵偵測系統的最大問題在於系統自身的安全問題。譬如為了保護網站的安全，通常必須監視所有上網的連線，但如何讓攻擊者無法察覺入侵偵測系統的存在，從而保護入侵偵測系統，是一個很重要的研究課題。在本論文中採用標準的HTTP來建立偵測入侵的連線，用來監控其他一般的HTTP連線或指定要保護的重要資料。 本論文設計了一個入侵偵測雛形系統，應用了現今以網站為基礎的應用程式（Web-based Application）架構，將偵測的工作以一般網站應用程式的形式來進行，具有自我隱藏的特性，所以可以提供系統自我保護的功能。

An Intrusion Detection System (IDS) is used to protect data from being misused or unauthorized accessed. It monitors the system activities to find whether they contain any predefined attack signature. But the weakness of all common IDSs is the security problem of the IDS themselves. An IDS may be the first target of experienced attackers. An Embedded Intrusion Detection System trys to avoid the problem by hiding itself in a protected host. The idea is intuitive and simple, if we want to use IDS to protect a web server, we put together the IDS and the web server. We use HTTP to talk to the IDS, and normal web visitor uses HTTP to access what he want. The IDS is “ Embedded” within the web server. It is not easy for attackers to find the IDS such that the IDS should be more secure.