Theory Of Judgment PN Machine And Its Application To Intrusion Detection

Posted on: 2006-03-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: P S Liu
GTID: 1102360155455131
Subject: Traffic Information Engineering & Control

Abstract/Summary:
As the second line of defense for computer and network systems, intrusion detection systems (IDSs) are being deployed ever more widely. The rapid growth of intrusion detection research is owed to the fast pace of change in information technology. Recent cyber attacks have become more serious and sophisticated, especially with the development of complex attack techniques such as distributed and coordinated attacks. Meanwhile, the application environment is changing, as operating systems and protocols connect large numbers of computers into an interdependent network. Original intrusion detection systems have become insufficient. The future direction of research and development in intrusion detection technology is toward distributed and intelligent systems. It appears that the next generation of intrusion detectors, combining multi-agent techniques and artificial intelligence, is becoming the current trend.

The critical factor driving the development of IDS is the data analysis technique. Several analysis approaches for intrusion detection are in use; the most widely used are statistical analysis, pattern matching, packet reconstruction, protocol analysis and behavior analysis. However, none of these techniques is perfect: some cannot keep up with high-speed networks, while others are difficult in terms of algorithm management or rule establishment. It is therefore urgent to find new approaches for the next generation of intrusion detectors. Designing an intelligent IDS is an effective way to solve this problem. Intelligence techniques can reduce human effort and improve the performance of the system. Learning and induction are used to improve matching efficiency, while clustering can be used for data analysis. The knowledge database of the IDS can be updated and expanded automatically as attack behavior changes.

This paper is based on the research results of the Railway Ticket and Reservation Network Security System, a project supported by the National High Technology Research and Development Program (863) of China under grant No. 2002AA 145021. The paper puts forward a knowledge representation of attacks and an intelligent analysis approach. Using the theory of Petri nets and artificial intelligence, we establish a body of theory and methods that is effective for the analysis and detection of attacks. In this theory, a colored judgment PN machine is used to model an attack, and its running mechanism is used to match intrusions. The problem of matching multiple patterns is solved by the colored synthesis processes of the colored judgment PN machine, and the knowledge database of the IDS is updated and expanded through inductive learning. Finally, the circumstances of the Railway Ticket and Reservation Network Security System are shown. Concretely, the following aspects are investigated in depth in this paper:...
Keywords/Search Tags: information security, intrusion detection system, petri net, inductive learning, judgment PN machine, generalization, specialization, unification.