Network Security Monitoring And Early Warning Technology Research

Posted on: 2003-10-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M L Liu
Full Text: PDF
GTID: 1118360095455979
Subject: Cryptography
Abstract/Summary:
Intrusion detection is a real challenge in the area of information security, because it faces the most intelligent hackers. The writer began to work in this area in 1997 and successfully developed the first intrusion detection system in our country, "NISDetector". This work began with theoretical research and ended with a real software product. It has had some positive effect on the development of intrusion detection products in our country.

This paper surveys recent approaches to intrusion detection and points out their strengths and drawbacks. Taking NISDetector as a background, it discusses some implementation problems of intrusion detection systems and describes the techniques that NISDetector uses, including: the abnormal detection technique, the data fusion technique, cooperative detection, the anti-IDS eluding technique, the alert reanalysis technique, and the security protection mechanism for the IDS.

Most intrusion detection systems use simple signature matching and/or simple statistical analysis as the main detection method. These methods may produce a large volume of alarm messages, and may produce false alarms or miss some alarms. This is always disturbing. This paper presents an approach that applies data mining techniques to improve alarm accuracy. We realized some of these ideas in NISDetector. Our tests showed that it is a good scheme for solving the problem of false negatives or false positives, and that it reduces the volume of alarm messages.
Keywords/Search Tags:Abnormal Detection, Misuse Detection, Intrusion Detection System, Profile, Data Mining, Anti IDS Eluding Technique, False Positive, False Negative