
Design And Implementation Of Anomaly-based Network Intrusion Detection System

Posted on: 2005-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Wang
Full Text: PDF
GTID: 2168360122985595
Subject: Computer application technology
Abstract/Summary:
An Intrusion Detection System (IDS) is an important part of computer security; it performs real-time detection of intrusion information. In general, IDSs are network-based and signature-based. The advantage of signature-based detection is its accuracy and precision, but its disadvantages are that it cannot detect novel attacks and cannot handle heavy traffic. Anomaly-based detection can detect novel attacks, is a new trend in IDS, and is a useful supplement to signature-based detection. So far, however, anomaly-based detection is not yet perfect. This paper discusses network-based and anomaly-based detection, i.e., the Anomaly-based Network Intrusion Detection System (ANIDS), which uses two methods to implement anomaly detection.

The premise of anomaly detection is that the "activity profile" of an attacker differs from that of normal users. Based on this difference, anomaly detection can identify intrusive behavior.

This paper focuses on the Anomaly-based Network Intrusion Detection System (ANIDS), which uses two methods to design and implement anomaly detection. One is the analysis of abnormal packets; the other is the analysis of abnormal network flow. The paper discusses ANIDS from the perspective of these two methods.

From the abnormal-packet view, we first derive abnormal signatures from abnormal packets and build a rule set from them. ANIDS then uses the rule set to inspect IP packets. If a rule matches a field of a packet, ANIDS treats the packet as abnormal, which results in an alert.

From the abnormal-network-flow view, we first define some statistical variables, use those variables to build a model, and promptly collect data from the network. ANIDS then uses the data in the information library to determine whether the current network flow is anomalous. If the current network flow is abnormal, ANIDS raises an alert.

ANIDS reports anomalous behavior to the system administrator via sound, web pages, and logs.

Finally, we test ANIDS. On a real network, ANIDS detects some attacks. In simulation testing, we use some common attack tools against the server where ANIDS is running, with good results.
Keywords/Search Tags: Intrusion Detection System, anomaly detection, anomaly network flow, abnormal IP packets, network security
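The two detection paths the abstract describes, sketched as an added example that is not code from the thesis: a rule set matched against packet header fields, and a statistical baseline over one flow variable. The rule names, packet field names, the threshold `k`, the window sizes and all sample data are assumptions constructed for illustration.

```python
import statistics
from collections import deque

# Assumed rule set: (rule name, predicate over header fields of one packet).
RULES = [
    ("src == dst", lambda p: p["src"] == p["dst"]),
    ("tcp SYN+FIN", lambda p: p["proto"] == "tcp" and {"SYN", "FIN"} <= p["flags"]),
    ("tcp no flags", lambda p: p["proto"] == "tcp" and not p["flags"]),
]

def match_packet(pkt):
    """Abnormal-packet path: return the names of every rule the packet matches."""
    return [name for name, pred in RULES if pred(pkt)]

class FlowBaseline:
    """Abnormal-flow path: sliding baseline of one statistical variable."""
    def __init__(self, window=30, k=3.0, min_samples=5):
        self.history = deque(maxlen=window)
        self.k, self.min_samples = k, min_samples

    def observe(self, value):
        """Return True when value lies more than k deviations from the baseline."""
        anomalous = False
        if len(self.history) >= self.min_samples:
            mean = statistics.fmean(self.history)
            # Floor the deviation so a perfectly flat baseline cannot alert on noise.
            std = max(statistics.pstdev(self.history), 1.0)
            anomalous = abs(value - mean) > self.k * std
        if not anomalous:
            # Anomalous samples are kept out so an attack cannot shift the baseline.
            self.history.append(value)
        return anomalous

# Constructed sample input: three packets and packets-per-interval counts.
PACKETS = [
    {"src": "192.0.2.10", "dst": "192.0.2.20", "proto": "tcp", "flags": {"SYN"}},
    {"src": "192.0.2.20", "dst": "192.0.2.20", "proto": "tcp", "flags": {"SYN"}},
    {"src": "198.51.100.7", "dst": "192.0.2.20", "proto": "tcp", "flags": {"SYN", "FIN"}},
]
RATES = [100, 104, 98, 101, 97, 103, 99, 950, 102]

def run():
    """Return (packet alerts, indices of anomalous flow intervals)."""
    packet_alerts = [(i, hits) for i, p in enumerate(PACKETS) if (hits := match_packet(p))]
    baseline = FlowBaseline()
    flow_alerts = [i for i, rate in enumerate(RATES) if baseline.observe(rate)]
    return packet_alerts, flow_alerts

if __name__ == "__main__":
    print(run())
```
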