Survey of intrusion detection technology
1. What is intrusion detection, and why is it needed?
1.1 Why intrusion detection is required
1.1.1 Hacker attacks are rampant and the problem of prevention is becoming more severe
With the development of computer technology, business processing on computers has evolved from internal business processing and office automation on simply linked internal networks to enterprise-class computer processing systems built on complex intranets, enterprise external networks and the global Internet, with worldwide information sharing and business processing. As information processing capability improves, the connectivity of systems also increases. However, as the ability to link and circulate information grows, security problems arising from network connections are becoming more and more prominent:
According to Warroon Research, almost all of the world's top 1000 companies were hacked into in 1997.
According to U.S. FBI statistics, the United States loses as much as 7.5 billion U.S. dollars each year due to network security problems.
Ernst and Young reported that nearly 80% of large enterprises suffered losses as a result of information theft or misuse.
In a recent hacking attack, the Yahoo Web site's network stopped running for 3 hours, causing it to lose millions of dollars in transactions. According to statistics, the U.S. economy lost more than 1 billion dollars over the entire operation. With the industry in panic, the share prices of Amazon (Amazon.com), AOL, Yahoo (Yahoo!) and eBay fell; the technology-focused Nasdaq index broke its run of record highs over the previous three consecutive days and fell 63 points, and the Dow Jones industrial average also fell 258 points at Wednesday's close. The sites attacked included Yahoo, Amazon, Buy.com, msn.com, eBay and the news site CNN.com, and by one estimate the attacks slowed Internet traffic by 20.
These shocking events raise the question: "Is the Internet still safe?"
At present, hacker attacks on our country's websites cannot be compared with the situation in the United States, because our number of users and user scale are still at a very early stage, but the following facts cannot but give us pause:
At the end of 1993, the Chinese Academy of Sciences discovered a "hacker" intrusion in which a user's privileges were escalated to superuser privileges. When the system administrator tried to trace the intruder, the intruder retaliated. In 1994, a 14-year-old American child broke into the network center of the Chinese Academy of Sciences and the host of Tsinghua University through the Internet and sent a warning to our system administrator.
In 1996, the high-energy institute was again invaded by a "hacker", who secretly set up dozens of accounts on its hosts; the intrusion was traced to a domestic dial-up Internet user.
In the same period, a domestic ISP found that "hackers" had broken into its primary server and deleted its account management files, leaving hundreds of people unable to use the service normally.
In 1997, the homepage of the Network Center of the Chinese Academy of Sciences was replaced by a "hacker" with a picture of a devil.
Entering 1998, hackers became increasingly rampant, and almost all major domestic networks were attacked by hackers to varying degrees:
In February, Guangzhou as the hearing was hacked several times, leaving the system out of control for 4 hours;
In April, Guizhou Harbor was hacked, and its home page was replaced with an obscene picture;
In May, the Dalian ChinaNet node was invaded, and user passwords were stolen;
In June, the Shanghai hotline was hacked; multiple server administrator passwords were stolen, along with hundreds of user and staff accounts and passwords;
In July, the Jiangxi 169 Network was attacked by hackers, interrupting network operation 2 times within 3 days for up to 30 hours and postponing project acceptance by 20 days;
In the same period, a security system in Shanghai was hacked;
In August, events in Indonesia prompted a group of Chinese hackers to invade Indonesian sites, paralyzing several sites in Indonesia, but at the same time some of China's sites suffered retaliation from Indonesian hackers;
During the same period, a bank system in Xi'an was hacked, and 806,000 yuan in cash was taken.
In September, a bank in Yangzhou was attacked by hackers, who used a virtual deposit account to withdraw 260,000 yuan in cash.
In October, the homepage of the Fujian Province Library was replaced by hackers.