
Investigation On Several Efficient Intrusion Detection Techniques

Posted on: 2007-09-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Q Zhang
GTID: 1118360212959955
Subject: Communication and Information System
Abstract/Summary:
As the Internet brings greater convenience, network and information security is becoming a more urgent issue. Intrusion detection is an important security measure and can greatly enhance network security. In this thesis, several efficient intrusion detection methods and models are proposed and investigated based on different requirements and applications. First, the background of information security and intrusion detection is introduced. Second, the weaknesses of intrusion detection are analysed. Third, a detection model combining HMM and ANN, intrusion detection based on the cross-correlation of system call sequences, intrusion detection based on a second-order stochastic model, and intrusion detection based on the T test are proposed and discussed. Finally, a distributed, multiple-classes security defense system is presented.

To analyse the weaknesses of intrusion detection systems, we focus mainly on each part of the CIDF model and, following that model, point out the weaknesses of each part. All the attacks fall into two categories: active attacks and evading attacks.

Then, a detection model combining a Hidden Markov Model and a Neural Network is provided. Compared with models that use only a Hidden Markov Model or only a Neural Network, this combined model has the following advantages: first, it needs less memory because it has no profile database; second, by using the Neural Network for decision making, detection is faster than with a profile database; third, its detection rate is higher than that of models using only a Hidden Markov Model or only a Neural Network.

Next, intrusion detection based on the cross-correlation of system call sequences is discussed. Because host intrusion detection uses system call sequences as its dataset, it is important to analyze the cross-correlation of these sequences. We apply the cross-correlation of the sequences directly to intrusion detection and obtain a very good detection rate.
Keywords/Search Tags: Intrusion Detection, Hidden Markov Model, Cross-correlation, Statistical Test, Stochastic Model