
Intelligent Network Intrusion Detection And Security Technology

Posted on: 2004-02-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W H Jiang
Full Text: PDF
GTID: 1118360155477399
Subject: Computer application technology

Abstract/Summary:
The "September 11" terrorist attack has had an impact on the entire world. If such a disaster were to occur in the world of networks, particularly in such sensitive networks as government, military and financial networks, the blow to national security would be fatal. To safeguard national security, ensuring network information security is a top priority. The networked world will be the border for high-tech wars. Therefore, at the top of our agenda is the task of planning or establishing an information security protection system and building well-defended network borders.

Network security protection and intrusion detection technologies have been developing very rapidly. However, the detection targets are still unclear, the detection methods are still backward, and the detection theories still need to be improved and strengthened. Protection methods remain at the level of passive and static protection technology. In addition, systems face severe challenges because of "vulnerabilities" and badly defended "back doors". Meanwhile, intrusion detection research remains at the stage of theoretical models and prototypes. High false positive and false negative rates are very common. New vulnerabilities cannot be predicted and unknown attacks cannot be prevented. The emergence of new types of attacks has raised new challenges for future network security protection and intrusion detection technology. On the basis of meticulous analysis and in-depth research into the above-mentioned problems, the present paper puts forward a new detection model and security protection policy, with the following results and points of innovation.

1. The paper starts by analysing how network intrusion features are described and extracted, including an exhaustive analysis of intrusive activities from the perspective of an intruder, namely network scanning and sniffing, spoofing attacks, buffer overflow attacks, DoS and Trojan horses. The analysis has helped to identify some deficiencies of existing intrusion analysis methods and to put forward ways of effectively solving problems facing the intrusion detection system, such as methods to deal with concealed scanning, detection policies targeted at IP spoofing attacks, and a flow-based buffer overflow attack identification algorithm.

2. New intrusion detection models are put forward by analysing intrusion detection policies and studying the problems of false positives and false negatives. The new model can make full use of the two data sources, namely host and network, and combines anomaly detection with misuse detection so as to effectively lower the false positive rate and false negative rate of the intrusion detection system.

3. The model and structure of the intrusion detection system are studied, and the fundamental reasons behind false positives and false negatives are analysed. The control structure and evaluation methods of IDS are proposed on the basis of studying the components, classification and detection methods of IDS and CIDF (Common Intrusion Detection Framework). The distributed control structure and evaluation methods of IDS are presented based on these analyses.

4. To evaluate the performance of IDS effectively, an IDS evaluation platform was developed. The platform can simulate all kinds of intrusion actions while modifying parameters to test the detection speed and response capability of the IDS. The platform can also be used as a tool for dealing with hackers.

5. The network security system and its evaluation criterion, network security protection policy and security principles are set out. An analysis is also made of the dynamic network security protection system model and of human factors in the protection of network security. A new multi-level network security protection system structure is put forward. The distribution security policies and ARP anti-spoofing policies are summarized.

6. The above-mentioned research results have been applied to "Hacker Monitoring System", "A Research into the Intelligent Network Intrusion Detection and Security Protection Technology" and other research projects. The "Hacker Monitoring Software" has been adopted by 2003 Shaanxi Province University Network Enrollment, the Network Center of the Northwestern Polytechnical University and five other institutions, and has achieved good results and won wide acclaim from the clients. Therefore, it is proven to be feasible, practical and advanced.
Keywords/Search Tags: Network Security, Intrusion Detection, Detection Policy, Intrusion Detection Model, Intrusion Feature, Security Protection Technology, Security Policy