
Research On The Improvement Of The Performance Of Intrusion Detection Systems

Posted on: 2007-07-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S Jin
GTID: 1118360185491839
Subject: Computer application technology

Abstract/Summary:
With the fast development of computer technologies and communication networks, and especially the widespread use of different Internet services, security breaches pose an increasingly severe threat. Many approaches, such as firewalls and intrusion detection systems (IDS), have been developed to try to solve the problem. Although they may mitigate the problem to some extent, all of these technologies have major defects: intrusion detection systems based on the misuse model cannot identify unknown types of intrusions, while their anomaly model-based counterparts entail a difficult process of profiling normal system behavior. Moreover, as network bandwidth keeps growing at an unprecedented rate, all these systems face the same challenge: improving their real-time performance.

To improve the performance of the intrusion detection process from all perspectives, this paper presents the following approaches:

(1) A parallel string searching algorithm (PBM) for information filtering is presented. It is based on the widely applied Boyer-Moore (BM) algorithm and directly accelerates the pattern filtering process of misuse intrusion detection systems by effectively improving overall data processing throughput.

(2) By applying the Peer-to-Peer (P2P) model to the creation of a distributed intrusion detection system, an intrusion detection framework, PeerIDS, is proposed, and its communication protocols are introduced in detail. Through the cooperation of all the IDS peers, the PeerIDS system achieves a higher grade of durability and scalability. Higher performance can be achieved by simply adding more PeerIDS instances.

(3) By combining the fuzzy method with the Bayesian belief network, a novel anomaly detection model is devised. All the security-related system properties are categorized into four models, each represented by its corresponding fuzzy membership function. The real-time probability that a specific security property is abnormal is calculated according to the fuzzy membership function of the model it belongs to, and the Bayesian reasoning network synthesizes all these probabilities to decide whether the supervised system is in an abnormal state.

(4) A dynamic firewall system named SecuRouter is designed and implemented as a dual-homed host bridge between the Internet and the user's LAN. Through providing an interface for IDS notification, SecuRouter can dynamically modify...
Keywords/Search Tags:Intrusion Detection Performance, PBM, P2P Model, Dynamic Firewall, Fuzzy-Bayesian Belief Network, IP Traceback, Information Security