The Theatrical Research And Implementation Of Intrusion Detection System

Posted on: 2002-01-06
Degree: Master
Type: Thesis
Country: China
Candidate: L Tao
GTID: 2168360095453591
Subject: Communication and Information System

Abstract/Summary:
Developed in the 1990s, intrusion detection technology draws on a wide range of scientific fields and has advanced slowly. Few successful intrusion detection systems have appeared abroad, and research in China is only at its initial stage. However, the study of intrusion detection has been listed as a key project in the national Tenth Five-Year Science Advancement Plan. In the past, security researchers focused on finding dynamic security mechanisms, and on mechanisms or strategies expected to improve the security of the system. Yet network intrusion remains a common phenomenon because of the openness of the Internet and some intrinsic features of existing software. It has gradually become clear that security strategy can hardly solve the problem of intrusions, so the detection of intrusive acts has become a crucial concern of great theoretical and practical significance.

This paper summarizes the existing methods of intrusion detection and, on that basis, focuses on the behavior-based intrusion detection system. By employing statistical means, it proposes a method of identifying normal performance on the basis of host-based clustering trails. The major concern of behavior-based intrusion detection is whether the system can, given the available user actions and the model of normal system performance, identify abnormal events against the tested normal-performance models. The conventional probabilistic statistical method is employed to analyze action features, but without considering the differences in action among the targets being tested. As a result, eigenvalues with an irregular distribution are hardly feasible for the expected application.

To reduce the testing errors that arise from irregularly distributed eigenvalues, a statistical computation method is proposed to improve the accuracy of the eigenvalues of each class, so that even when the eigenvalues are irregularly distributed, the eigenvalues of the classes can be deemed regularly distributed. Based on this consideration, the paper adopts the K-means clustering algorithm to perform an initial K-means clustering of normal performance features and to verify the feasibility of the clustering method in an intrusion detection system. In addition, the paper gives an account of the limitations of the proposed clustering method as well as its development potential and direction.

The difficulties of this research lie in its extensive involvement with a large number of burgeoning scientific disciplines and in the scarcity of reference sources, which, where available, are written in foreign languages. It is sometimes hard to determine the actual meaning of even a simple polysemous technical word, harder still to comprehend its meaning in context, and harder again to establish a feasible system. In spite of this, the paper proposes a feasible intrusion detection plan. Its originality lies largely in combining highly efficient host-based intrusion detection with network-based intrusion detection, which has a high data retrieval capacity; it also provides a comprehensive analysis and introduces the clustering method for the recognition model. The proposed method aims to find a set of methods for evaluating the ways of intrusion, and points to the development direction of future intrusion detection systems.
Keywords/Search Tags: ways of intrusion, host-based intrusion detection, network-based intrusion detection, behavior-based intrusion detection, K-means algorithm