
Study On The Network Intrusion Detection Approach Based On The Pattern Matching And Data Mining

Posted on: 2004-08-03
Degree: Master
Type: Thesis
Country: China
Candidate: X M Lu
GTID: 2168360092992530
Subject: Control theory and control engineering

Abstract/Summary:
With the development of the Internet, the computer network has become one of the most important components of society's basic infrastructure. It has a broad impact on society, the economy, military affairs, science and technology, and education. As people depend ever more deeply on the network, they have begun to consider the problem of guaranteeing network security. It is therefore necessary and urgent to research approaches for rapidly detecting network intrusion activity.

The data storage module of current Intrusion Detection Systems (IDS) is mainly constructed by hand. For example, people construct an anomaly detection system by selecting statistical parameters based on their intuition and experience, and write the intrusion rules of a misuse detection system by analyzing the attack process and system vulnerabilities. Such an IDS adapts poorly. To solve this problem, we introduce a classifier into the classical intrusion detection architecture by applying the Markov chain. The classifier sorts packets into normal and anomalous ones, then translates the anomalous packets into intrusion rules and updates the rule base automatically. The presented self-adaptive intrusion detection model overcomes the incompleteness of an intrusion rule base constructed by experts with limited domain knowledge. It can also construct and update the intrusion rule base efficiently and detect network intrusion activity in a timely manner.

Based on an analysis of current network intrusion approaches and observation of the characteristics of network packets, we design a new multiple pattern matching algorithm that combines Boyer-Moore pattern matching with finite state automata, and present an efficient network intrusion detection approach. Theoretical analysis and experiments show that our network intrusion detection approach based on multiple pattern matching and sequence mining is faster than the one based on Boyer-Moore pattern matching.
Keywords/Search Tags: network system security, network intrusion detection, pattern matching, finite state automata, classifier, intrusion rule base, adaptive intrusion detection system framework