隨著雲端技術的普及和遠端工作模式興起,企業網路環境變得更加複雜,伴隨而來的安全風險也有所提升。本研究設計並實作了一套名為「尉遲監控系統」的基於規則的深度封包檢測流量監控系統,目標包括對區域網路進行檢測、分析封包特徵、儲存和檢視所有流量資訊、設計流量特徵的規則稽核系統、提供告警系統等。並進行了相關內網攻擊的實驗,系統成功檢測出惡意DNS請求、SMB蠻力攻擊和ARP欺騙等攻擊情境,且系統在長時間運行下表現穩定,具有良好的服務效能。在開發過程中,我們對NFStream開源專案作出了一些改進,經過向專案負責人提出合併請求後,我們的改進方案成功地被納入了該專案中。尉遲監控系統提供管理者一套網路流量監控系統,增進企業網路的安全防護。;With the proliferation of cloud technology and the rise of remote work modes, the corporate network environment has become increasingly complex, and the accompanying security risks have also increased. This study designs and implements a rule-based deep packet detection traffic monitoring system named "YuChi Monitoring System". The objectives include monitoring local networks, analyzing packet features, storing and viewing all traffic information, designing a rule audit system for traffic features, and providing an alarm system. Some relevant internal network attack experiments were conducted, and the system successfully detected attack scenarios such as malicious DNS requests, SMB brute force attacks, and ARP spoofing. The system performs stably over extended periods of operation, demonstrating excellent service performance. During the development process, we made an improvement to the NFStream open-source project and the changes have been merged into the project. The YuChi Monitoring System provides managers with a network traffic monitoring system, enhancing the security protection of corporate networks.
