Research On Adaptive Real-time Intrusion Detection System Using Sequences Of System Call

Posted on: 2005-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: Z H Chen
GTID: 2168360122987473
Subject: Signal and Information Processing

Abstract/Summary:
Intrusion detection, an important part of the computer security domain, is the process of monitoring computer networks and systems for violations of security policy. A simple and efficient intrusion detection method, based on monitoring the system calls used by active privileged processes, has made great theoretical progress but is not practical because it does not work in real time.

Following current trends in intrusion detection technology and building on the foregoing research, this paper uses the characteristics of intrusion detection based on sequences of system calls to provide a real-time adaptive IDS, employing fuzzy control technology to coordinate the NIDS (Network IDS) and HIDS (Host IDS). Some key modules are implemented in the paper. The architecture of the IDS consists of a firewall module, an NIDS module, a fuzzy-decision maker, a network profiling database, and primary and slave servers. Using the network profiling database, which is derived from the auditing data, the fuzzy-decision maker responds to the network profile and takes different actions. The network profile and the current detection results are encoded into fuzzy sets as inputs to the fuzzy controller, which sums up the general security level so that the fuzzy-decision maker can respond according to the system resources. Based on these decisions, the servers analyze intrusions and make real-time responses by monitoring and intercepting system calls. The design and simulation of the fuzzy controller were carried out with the MATLAB Simulink toolkit. Then, on the Red Hat 7.0 platform, the dynamically loadable module that monitors sequences of system calls is coded and the server's performance is analyzed. The final result is favorable.

After analysis and extensive simulation, this paper discusses the problems of the current modules and the scalability of the system, which are expected to be explored in future work.
Keywords/Search Tags:intrusion detection, sequences of system call, fuzzy controller, real-time, adaptive