
Research And Implement To Detect Unknown Malicious Executive Code With Net Classifier Based On Active Learning Bayesian

Posted on: 2003-12-20
Degree: Master
Type: Thesis
Country: China
Candidate: W J Huang
Full Text: PDF
GTID: 2168360065964115
Subject: Computer software and theory
Abstract/Summary:
Computer security is the security of a whole system. As hacker intrusion incidents become more rampant day by day, people have found that a statically defended security architecture alone is not enough. Intrusion detection is the new generation of security technology that follows traditional protective measures such as firewalls and data encryption. It not only identifies and responds to hostile behaviour against computer and network resources, but also detects external intrusion and monitors the internal unauthorized activity of users before network resources are endangered and intercepted. As a supplement to traditional computer security that increases the depth of network and system protection, intrusion detection has become a main direction of research and development for security tools at present.

Traditionally, the features of intrusive behaviour are divided into anomaly and misuse, on which anomaly detection models and misuse detection models are built. Some new detection methods have emerged in the past 45 years, developing models that perform well on both misuse detection and anomaly detection, such as artificial immunity methods, genetic algorithms and data mining. This kind of detection method is called a mixed detection measure. It analyses the normal behaviour of the system and at the same time observes suspicious intrusive behaviour before a decision is made, so its judgments can be more comprehensive, accurate and reliable. Because it usually detects intrusive behaviour against the background of the system's normal data flow, it is also called the "heuristic characteristic measure". Nowadays intrusion detection products have the following shortcomings: a lack of effectiveness, flexibility and adaptivity.
Two parameters can be used to measure the effectiveness of an intrusion detection system: the false report rate and the detection rate. The false report rate can be divided into the wrong report rate (false alarms) and the rate of failing to report (misses). A good intrusion detection system should have a low false report rate and a high detection rate; the key is to reduce the rate of failing to report within the false report rate. Adaptivity means being able to detect intrusions different from those already known to the intrusion detection system, that is, to detect unknown intrusions. At present, building an intrusion detection system is an enormous knowledge-engineering task. The person who constructs the system relies on intuition and experience to choose the threshold of some statistic for anomaly detection. Experts first analyse and classify attack scenarios and system weaknesses, then hand-craft suitable rules for detecting violations. Because this manual, expert-driven process is adopted, current intrusion detection systems lack effectiveness, flexibility and adaptivity. When an intrusion detection system must deal with massive volumes of data, data mining can very effectively carry out feature extraction and establish an intrusion-pattern knowledge base from a large number of historical behaviour records, so an intrusion detection system can adopt data mining when establishing its knowledge base of intrusion patterns. Wenke Lee, inspired by data mining, developed a mixed detection method with RIPPER. It does not set up separate models for different intrusive behaviours; instead it first learns, from a large number of examples of what is intrusive and what is normal, the normal and intrusive behaviour of the system, finds and describes the system's characteristics with a uniform pattern, and forms a detection model suited to both anomaly and misuse detection. This is a typical application of the mixed detection measure.
The model is built with a data mining method, and the model's data come from the primitive data source, so it has flexibility and adaptivity. Many of our security threats come from hostile executable code, especially unknown code. Such unknown hostile code cannot be found on the basis of the existing virus scanner th...
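To make the two threads of the abstract concrete, the detection-rate and false-report-rate metrics described above and the active-learning Bayesian classifier named in the title, here is an added Python illustration. It is not the thesis's own code: it uses a naive Bayes classifier (an assumption; the thesis's Bayesian net structure is not given on this page), picks the next sample to label by posterior information entropy (uncertainty sampling, also an assumption), and scores the result with the detection, wrong-report and failing-to-report rates. The feature names, the labelled corpus, the unlabelled pool, the oracle verdicts and the test set are all constructed for the example.

```python
"""Added illustration: naive Bayes over executable-feature vectors, an
entropy-based active-learning query step, and the detection / false-report
metrics. Hypothetical code, not the thesis's; all data below is constructed."""
import math
from collections import Counter

# Constructed boolean features one might extract from a binary (assumed names).
FEATURES = ("wx_section", "high_entropy_section", "network_api", "run_key_api")

# Constructed labelled corpus: (feature vector, label); 1 = malicious, 0 = benign.
LABELLED = [
    ((1, 1, 1, 1), 1), ((1, 1, 0, 1), 1), ((0, 1, 1, 1), 1),
    ((0, 0, 0, 0), 0), ((0, 0, 1, 0), 0), ((0, 1, 0, 0), 0),
]
# Constructed pool of unlabelled executables the active learner may query,
# and a constructed "oracle" standing in for an analyst's verdicts.
UNLABELLED = [(1, 1, 1, 1), (1, 0, 1, 0), (0, 0, 1, 1)]
ORACLE = {(1, 1, 1, 1): 1, (1, 0, 1, 0): 0, (0, 0, 1, 1): 1}


def train(labelled):
    """Naive Bayes with Laplace smoothing: per-class feature counts and class sizes."""
    counts = {0: Counter(), 1: Counter()}
    sizes = {0: 0, 1: 0}
    for x, y in labelled:
        sizes[y] += 1
        for i, v in enumerate(x):
            if v:
                counts[y][i] += 1
    return counts, sizes


def posterior(model, x):
    """P(class | x) for both classes, computed in log space and normalised."""
    counts, sizes = model
    total = sizes[0] + sizes[1]
    log_p = {}
    for y in (0, 1):
        lp = math.log((sizes[y] + 1) / (total + 2))        # smoothed class prior
        for i, v in enumerate(x):
            p_one = (counts[y][i] + 1) / (sizes[y] + 2)     # P(feature_i = 1 | y)
            lp += math.log(p_one if v else 1.0 - p_one)
        log_p[y] = lp
    m = max(log_p.values())
    z = sum(math.exp(v - m) for v in log_p.values())
    return {y: math.exp(v - m) / z for y, v in log_p.items()}


def entropy(probs):
    """Shannon entropy in bits of a class distribution; 1.0 means maximal doubt."""
    return -sum(p * math.log2(p) for p in probs.values() if p > 0)


def select_query(model, unlabelled):
    """Uncertainty sampling: index of the pool item with the highest posterior entropy."""
    return max(range(len(unlabelled)),
               key=lambda i: entropy(posterior(model, unlabelled[i])))


def active_learning_round(labelled, unlabelled, oracle):
    """One round: train, pick the most uncertain sample, ask the oracle, add it."""
    model = train(labelled)
    i = select_query(model, unlabelled)
    x = unlabelled[i]
    return labelled + [(x, oracle[x])], unlabelled[:i] + unlabelled[i + 1:], x


def evaluate(model, test):
    """Detection rate, wrong-report (false alarm) rate, failing-to-report (miss) rate."""
    tp = fp = fn = tn = 0
    for x, y in test:
        pred = 1 if posterior(model, x)[1] > 0.5 else 0
        if pred and y:
            tp += 1
        elif pred and not y:
            fp += 1
        elif not pred and y:
            fn += 1
        else:
            tn += 1
    return {
        "detection_rate": tp / (tp + fn),
        "false_alarm_rate": fp / (fp + tn),
        "miss_rate": fn / (tp + fn),
        "false_report_rate": (fp + fn) / len(test),   # wrong reports + misses
    }


# Constructed evaluation set: includes an evasive malicious sample with few
# indicators (a miss) and a benign sample carrying two indicators (a false alarm).
TEST = [
    ((1, 1, 1, 1), 1), ((0, 1, 0, 1), 1), ((1, 0, 0, 1), 1), ((1, 0, 1, 0), 1),
    ((0, 0, 0, 0), 0), ((1, 0, 0, 0), 0), ((0, 1, 0, 1), 0), ((0, 0, 1, 0), 0),
]

if __name__ == "__main__":
    print(evaluate(train(LABELLED), TEST))
    _, _, queried = active_learning_round(LABELLED, UNLABELLED, ORACLE)
    print("sample sent to the analyst:", dict(zip(FEATURES, queried)))
```

The query step is where the "active learning" in the title earns its name: instead of labelling the pool at random, the learner asks the analyst only about the executable whose class posterior is closest to 50/50 (here the sample with a network API and a run-key API but no packing or writable-executable section), which is exactly the kind of unknown code the abstract says a signature scanner cannot find. The metrics function reports the page's two error components separately so that a tuning change that lowers false alarms at the cost of more misses is visible.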
Keywords/Search Tags: active learning Bayesian net classifier, information entropy, intrusion detection, data mining