A Specification_based Intrusion Detection Method

Posted on: 2004-07-20 | Degree: Master | Type: Thesis
Country: China | Candidate: X P Yang | Full Text: PDF
GTID: 2168360095957112 | Subject: Computer application technology
Abstract/Summary:
As networked applications play an ever greater role, network security becomes more important. A wide range of network security technologies is applied to improve it. Intrusion detection has been proposed in recent years as a new, active defensive method and has become an important branch of network security. This thesis studies and designs a specification-based intrusion detection method.

Traditional intrusion detection is divided into misuse detection and anomaly detection. Misuse detection has high accuracy but cannot detect unknown attacks. Anomaly detection can detect unknown attacks but produces a very high false positive rate. Specification-based detection is a new approach: it can detect both known and unknown attacks, and its false positive rate is very low.

The thesis presents a high-level language, ASL (Auditing Specification Language), for describing the safe behaviour of a system and intrusive behaviour on the network. ASL is a simple, highly expressive, event-driven language. An ASL specification is compiled into a C++ module, and the C++ module is then compiled to produce the detection engine. Extended finite state automata (EFSA) are used to match the patterns written in ASL: the rules are translated into an EFSA when they are compiled, so the method performs well at run time and the pattern-matching time is insensitive to the number of rules. The thesis designs in detail, as ASL specifications, the intrusion detection specifications for privileged programs and for network communication.
Keywords/Search Tags:network security, intrusion detection, ASL, EFSA