
Study And Realization Of Network Intrusion Detection System And Its Adaptive Ability

Posted on: 2010-07-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D H Liu
Full Text: PDF
GTID: 1118360275454984
Subject: Control theory and control engineering
Abstract/Summary:
With the rapid development of networks, more and more network intrusion incidents have made people realize that it is insufficient to build a security system only with passive techniques. Traditional security measures such as firewalls and data encryption cannot keep up with the rapid development of modern network technology. Intrusion detection (ID) is a new generation of security protection technology and a necessary and effective supplement to the traditional protection technologies. As an active security technique, ID can not only detect unauthorized objects intruding into the system but also monitor authorized objects that use system resources unlawfully.

In this paper, based on the collection, analysis, sorting and summarization of the references now available on intrusion detection technology, a three-layered distributed network intrusion detection system (NIDS) is designed and realized. The three-layered distributed structure makes the NIDS suitable for the requirements of large-scale networks. A new expression method for detection rules is advanced; compared with the other expression methods now available, the new method can describe the detection characteristics more accurately. In the detection system, the detection rules are stored as symbol tables, and rule matching is realized by searching the symbol tables, which shortens the detection time.

Because network attack tests, which are disruptive and potentially damaging, are not suitable for a real network environment, a new method for testing and evaluating a NIDS in off-line status is proposed in the paper. Software that simulates the data flow of network backgrounds is developed. Tests have been made of the detection ability, ease of use, detection performance, security and so on of the designed and realized NIDS. The test results have been confirmed by the Northeast Test Centre of the Chinese National Information Security Certification Centre.

An important characteristic of this paper is that it closely combines research results and the discussion of theoretical methods with the development and realization of an application system. The realized NIDS has already been used in the army network of Jilin province and has achieved good results. On this basis, a new adaptive method for intrusion detection is proposed, which comprehensively utilizes the data mining techniques of association rule mining, decision-tree-based classification and sequential pattern mining. The experiments show that this combined use of data mining techniques can create new rules in time, so that the NIDS has the adaptive ability to cope with the continuing change of network attacks.
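As an added illustration of the symbol-table rule matching the abstract describes (example code written for this page, not the dissertation's implementation): rules are filed under a (protocol, destination port) key so that a packet is matched by one lookup plus a scan of that bucket only, and the code counts rule comparisons against a plain linear scan. The rule fields, the packet tuple and the sample rules and packets are assumptions constructed for the example.

```python
from collections import defaultdict, namedtuple

# A rule: name, protocol ("tcp"/"udp"), destination port, byte pattern in payload.
Rule = namedtuple("Rule", "name proto dport content")

def linear_match(rules, pkt):
    """Baseline: compare every rule; returns (hit names, rules examined)."""
    proto, dport, payload = pkt
    hits = [r.name for r in rules
            if r.proto == proto and r.dport == dport and r.content in payload]
    return hits, len(rules)

def build_symbol_table(rules):
    """File each rule under the symbol (proto, dport)."""
    table = defaultdict(list)
    for r in rules:
        table[(r.proto, r.dport)].append(r)
    return dict(table)

def table_match(table, pkt):
    """One dict lookup selects the bucket; only those rules are scanned."""
    proto, dport, payload = pkt
    bucket = table.get((proto, dport), [])
    hits = [r.name for r in bucket if r.content in payload]
    return hits, len(bucket)

def run(match_fn, packets):
    """Return ({rule name: packets it fired on}, total rules examined)."""
    alerts, examined = defaultdict(int), 0
    for pkt in packets:
        hits, n = match_fn(pkt)
        examined += n
        for name in hits:
            alerts[name] += 1
    return dict(alerts), examined

# Constructed rules and packets (proto, dport, payload); not the thesis's data.
RULES = [
    Rule("http-traversal", "tcp", 80, b"../.."),
    Rule("http-long-uri", "tcp", 80, b"A" * 64),
    Rule("dns-constructed-sig", "udp", 53, b"\x00\x00\x01"),
    Rule("ssh-old-banner", "tcp", 22, b"SSH-1.5"),
]
PACKETS = [
    ("tcp", 80, b"GET /../../etc/passwd HTTP/1.0\r\n"),
    ("tcp", 443, b"\x16\x03\x01"),
    ("udp", 53, b"\x12\x34\x01\x00\x00\x01"),
]
TABLE = build_symbol_table(RULES)
```

Both matchers raise the same alerts on the sample traffic, but the linear scan performs 12 rule comparisons where the symbol-table lookup performs 3; the gap grows with the size of the rule set, which is the time saving the abstract refers to.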
Keywords/Search Tags: intrusion detection, adaptive, distributed, off-line test, data mining