Network Security Testing Key Technologies

Posted on: 2005-02-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Gao
Full Text: PDF
GTID: 1118360155977377
Subject: Computer software and theory

Abstract/Summary:
With the spread and development of the Internet around the world, more and more computer users can enjoy abundant information resources and send and receive messages quickly and conveniently over the Internet without leaving home. Computer networks are now closely tied to people's studies and lives and have become an essential part of many people's lives. But while people enjoy the great convenience the Internet offers, they are increasingly concerned about computer network security. On the one hand, network structures are becoming more complex and their applications more diverse, which greatly increases the possibility of holes in systems. On the other hand, hackers' methods of attack change day by day, while insiders exceed their authority, deliberately or not. All of these pose a great threat to the normal operation of networks. Traditional security methods, such as encryption, access control and firewalls, can no longer satisfy today's needs. An Intrusion Detection System (IDS), as a new security technology, mainly monitors the status of the network and system, clients' actions and resource conditions to detect whether insiders are exceeding their authority or whether there are attempts to intrude on and attack the network and system. Intrusion detection technology is a rational supplement to the traditional computer network security system. Its application considerably strengthens network and system security, and it is becoming an essential part of the network security system.

This paper describes the current security problems we face and some common security methods. It also describes the status and development trends of intrusion detection technology. It then presents research focused on the main problems that IDS currently faces and provides solutions.
The main contents of this paper are as follows:

Analyzing the advantages and disadvantages of the current main intrusion detection technologies and detection models. Discussing the criteria problems that need to be resolved immediately and the methods for evaluating the properties of an IDS.

Analyzing the current main data mining methods, and applying association and sequence pattern mining to network-based anomaly detection. Providing a detection method that judges whether an anomaly has occurred by calculating the similarity between the rule sets mined from normal and anomalous traffic. The validity of this method is shown by experiments. For network traffic data that has quantitative attributes and is labeled, we suggest first performing cluster partitioning on the quantitative attributes and then applying the association rule mining detection method. Experimental results show that this method can detect network misuse effectively.

To address the lack of real-time capability in existing anomaly detection methods, we provide online detection based on association rules. In view of the features of existing network attacks, we provide a domain-layer association rule mining method that combines IP addresses and sub-network addresses bottom-up, which enhances the system's ability to detect distributed group attacks.

Providing a new intrusion detection method based on fuzzy mining technology, which combines fuzzy logic with association rule mining and frequent episode mining. The quantitative attributes in network traffic are grouped according to fuzzy sets, and a genetic algorithm is used to construct the membership functions that define the fuzzy sets. This avoids the "sharp boundary" problem that arises when classical set theory is used. The experimental results show that data mining combined with fuzzy logic is an effective means of anomaly detection.

Providing an adaptive IDS framework, which builds the normal rule sets used in anomaly detection from training data. A dynamic association rule mining algorithm based on a sliding window is then adopted in the detection process; it dynamically updates the original rule sets with the data in the mining window and gives the IDS an adaptive capability.

Providing an unsupervised anomaly detection method, which needs no special training and works very well for low-density attack detection. Hence, by using this method to examine network traffic data collected under basically normal conditions and adjusting the detection rate, we can obtain the training data needed by supervised detection methods.
Keywords/Search Tags: Intrusion Detection, anomaly detection, data mining, fuzzy logic, association rule, frequent episodes, adaptive, unsupervised detection
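The "sharp boundary" problem named in the abstract, as an added Python illustration that is not code from the dissertation: it compares the support of one itemset across two nearly identical traffic windows under a classical cut point and under a fuzzy membership function. The attribute names, cut points, sample records and the use of min() as the fuzzy AND are assumptions made here; the thesis builds its membership functions with a genetic algorithm, which is not reproduced.

```python
# Added illustration, not code from the dissertation.
# Assumptions: attribute names, cut points, and min() as the fuzzy AND are chosen
# here; the thesis builds its membership functions with a genetic algorithm.

def crisp_high(rec, cut=50):
    """Classical set: conn_count is HIGH only at or above the cut point."""
    return 1.0 if rec["conn_count"] >= cut else 0.0

def fuzzy_high(rec, lo=40, hi=60):
    """Fuzzy set: membership in HIGH rises linearly from 0 at lo to 1 at hi."""
    x = rec["conn_count"]
    return min(1.0, max(0.0, (x - lo) / (hi - lo)))

def flag_s0(rec):
    """Categorical item: membership is 1 when the flag matches, else 0."""
    return 1.0 if rec["flag"] == "S0" else 0.0

def support(records, itemset):
    """Support of an itemset: mean over records of the weakest item membership."""
    if not records:
        return 0.0
    return sum(min(item(r) for item in itemset) for r in records) / len(records)

def support_shift(baseline, window, high):
    """Change in support of {conn_count=HIGH, flag=S0} between two windows."""
    itemset = [high, flag_s0]
    return support(window, itemset) - support(baseline, itemset)

def make(rows):
    """Build records from (conn_count, flag) pairs."""
    return [{"conn_count": c, "flag": f} for c, f in rows]

# Constructed sample data: the second window differs by only 2 connections per record.
BASELINE = make([(48, "S0"), (49, "S0"), (49, "S0"), (47, "SF")])
WINDOW = make([(50, "S0"), (51, "S0"), (51, "S0"), (49, "SF")])

if __name__ == "__main__":
    print("crisp support shift:", support_shift(BASELINE, WINDOW, crisp_high))
    print("fuzzy support shift:", support_shift(BASELINE, WINDOW, fuzzy_high))
```

With the classical set, a two-connection drift moves the itemset's support from absent to frequent, so a rule appears or disappears from the mined rule set; with the fuzzy set the support changes only slightly.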