A Research Based On The Abnormal Intrusion Detection System

Posted on: 2007-11-19
Degree: Master
Type: Thesis
Country: China
Candidate: X L Yan
GTID: 2178360212971597
Subject: Computer application technology
Abstract/Summary:
An Intrusion Detection System (IDS) is an important part of computer security; it detects intrusions in real time. In general, IDSs are network-based and signature-based. The advantage of signature-based detection is accuracy and precision, but its disadvantages are that it cannot detect novel attacks and cannot handle heavy traffic. Anomaly-based detection can detect novel attacks; it is a new trend in IDS and a useful supplement to signature-based detection. So far, however, anomaly-based detection is not yet mature. This paper discusses network-based, anomaly-based detection.

Based on research into intrusion detection technology and commonly used intrusion methods, the paper proposes an anomaly-based Intrusion Detection System that uses two methods to implement anomaly detection. One is the analysis of abnormal packets; the other is the analysis of abnormal network flow.

In connection record analysis, the standard Apriori algorithm is modified, and the influence of outlying factors is eliminated according to the particular circumstances of intrusion detection. An intrusion detection mechanism suited to current conditions of high bandwidth and heavy traffic is proposed, which increases detection speed and lowers the use of system resources.

In data packet flow detection, the average data packet flow of every computer on the network in every time interval is obtained by statistical means and updated dynamically. Flow anomaly detection is carried out by comparing the current flow against this average, and a degree of abnormity is calculated. When the degree of abnormity exceeds the threshold, data analysis raises the alarm. Packet flow monitoring can effectively detect the network flow anomalies caused by most Denial of Service attacks, which attack the network by depleting bandwidth and system resources, and it makes up for the deficiency of the association rules analysis algorithm.
Keywords/Search Tags: Intrusion Detection System, anomaly detection, association rules, abnormal network flow, abnormal IP packets
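
The packet-flow check described in the abstract, sketched as an added Python example (not code from the thesis). The abstract gives no formulas, so the exponentially weighted update of the average, the ratio used as the degree of abnormity, the threshold of 3.0, the warm-up count and the sample traffic are all assumptions.

```python
ALPHA = 0.2        # assumed weight for the dynamic update of the average
THRESHOLD = 3.0    # assumed alarm threshold on the degree of abnormity
WARMUP = 3         # assumed number of intervals needed before alarming


class FlowMonitor:
    """Per-host average of packets per interval, updated dynamically."""

    def __init__(self, alpha=ALPHA, threshold=THRESHOLD, warmup=WARMUP):
        self.alpha, self.threshold, self.warmup = alpha, threshold, warmup
        self.mean = {}   # host -> average packets per interval
        self.seen = {}   # host -> number of intervals folded into the average

    def observe(self, host, packets):
        """Score one interval for one host; return (degree, alarm)."""
        if host not in self.mean:
            self.mean[host], self.seen[host] = float(packets), 1
            return 0.0, False
        baseline = max(self.mean[host], 1.0)   # idle hosts: avoid dividing by ~0
        degree = packets / baseline            # assumed "degree of abnormity"
        alarm = self.seen[host] >= self.warmup and degree > self.threshold
        if not alarm:
            # Only normal intervals update the average, so a flood cannot
            # raise its own baseline and mask later intervals of the attack.
            self.mean[host] += self.alpha * (packets - self.mean[host])
            self.seen[host] += 1
        return degree, alarm


def detect(intervals, monitor=None):
    """intervals: list of {host: packets}; returns [(index, host, degree)]."""
    monitor = monitor or FlowMonitor()
    alarms = []
    for i, counts in enumerate(intervals):
        for host, packets in sorted(counts.items()):
            degree, alarm = monitor.observe(host, packets)
            if alarm:
                alarms.append((i, host, round(degree, 2)))
    return alarms


# Constructed sample: 10.0.0.5 sees flood-level traffic in intervals 4 and 5.
SAMPLE = [{"10.0.0.5": a, "10.0.0.9": b} for a, b in
          [(100, 40), (110, 42), (90, 38), (105, 41),
           (900, 43), (950, 39), (100, 40)]]

if __name__ == "__main__":
    for index, host, degree in detect(SAMPLE):
        print(f"interval {index}: {host} degree of abnormity {degree}")
```

Freezing the average during alarmed intervals is a design choice of this sketch; a sustained legitimate traffic increase would then need an operator reset or a slower secondary baseline.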