
The Research On New Technologies For Network Intrusion Detection System

Posted on: 2005-01-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Xue
GTID: 1118360152980037
Subject: Computer application technology
Abstract/Summary:

This dissertation first introduces intrusion detection technology and intrusion detection systems. It then analyzes and summarizes the current state of research on these technologies. Finally, it presents the problems intrusion detection systems face and the trends in research. A mathematical model is the basis for selecting and applying intrusion detection policies, so a 2-dimensional collectivity model is proposed after analyzing the spatial and temporal characteristics of intrusion activity.

A traditional Network Intrusion Detection System (NIDS) scans incoming IP packets and judges the attack type by matching sensitive information. In this paper, we devise and implement a parallel reassembling algorithm (APPRA) in the application layer for large-scale network intrusion detection. Experimental results show that APPRA is efficient.

This paper describes three classes of honeypots and the building of a Trap Network in detail. User-Mode Linux is used to implement the Virtual Distributed Honeypot System. On recording technologies, we give a new idea, the Keyboard Fingerprint Spectrum (KFS). A method of KFS based on the Win32 Global Hook is also introduced.

The DDoS attack and the Port Recall attack have been great dangers to Internet security. If they are combined to form a new kind of attack, the effect will be more serious than that of either one alone. Therefore, a model called Distributed Port Recall attacks is presented here to draw attention. In addition, some methods of misuse detection and anomaly detection are also proposed in this paper.

In this paper, we apply intelligent agent technology for the purpose of real-time response. The main novelty in this technology is its multi-level agent architecture, which performs dynamic policy updates in the intrusion detection system through a wireless netgate. Finally, we present TDNIDS as an archetypal network intrusion detection system and estimate the future development of this system.
Keywords/Search Tags: network security, intrusion detection, honey pot, DDoS