
Research On Techniques Of Network Intrusion Detection

Posted on: 2004-08-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Y Yang
Full Text: PDF
GTID: 1118360122982160
Subject: Computer application technology
Abstract/Summary:
With the popularization and rapid development of networks, users face increasingly serious security issues, and network intrusion has become the most important threat to computer and network security. Network intrusion detection systems (NIDS) have therefore emerged as a keystone and hot spot of computer security research. This dissertation analyses and summarizes the current status of intrusion detection research, and sets out the problems intrusion detection technology must face and its research trends. It focuses on research and practice concerning several technical difficulties in network intrusion detection.

Firstly, it proposes a model comprising a data sharing policy and a cooperative access control policy for distributed intrusion detection systems. The model provides a security guarantee for information sharing and cooperation between components within the IDS; participant hosts resist potential comprehensive attacks through cooperation set and risk set mechanisms, which lowers leakage of key information and decreases the risk of comprehensive attacks successfully penetrating the IDS.

Secondly, the influence of a common DoS attack, TCP dump, on network performance was tested in a real network environment, giving a quantitative analysis of the impact of 3 attack patterns; the results guide further judgement of attack behavior.

Thirdly, it presents a detection model named TDIDS based on the previous experiment. The model builds on the basic principle of the NIDES/STAT algorithm, adopts 4 kinds of measures, and compares a short-term profile with a long-term profile to determine whether attacks are occurring. The implementation of TDIDS and the experimental system are described, and the features and limits of the TDIDS model are summarized by comparing and analyzing the results of the 4 measures over a large amount of experimental data.

Fourthly, it gives an intrusion detection model for web-based database systems. The model mainly targets the security of information systems and of web-based databases, which is a novel realm of security research. It adopts a two-layer framework: a behavior modeling layer and a verification layer. The error ratio was lowered because the two layers integrate the alarm content with the alarm itself rather than analyzing them in isolation.

Fifthly, it puts forward a modified BM algorithm. The most important part of misuse intrusion detection is pattern matching. The modified algorithm reduces the number of comparisons and improves time performance compared with the standard BM algorithm...
Keywords/Search Tags: network security, intrusion detection, DoS, TDIDS, information system, pattern matching