An Intrusion Detection Method Based On Euclidean Distance

Posted on: 2005-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhang
Full Text: PDF
GTID: 2168360122988785
Subject: Agricultural mechanization project

Abstract/Summary:
With the development of information technology, and the Internet in particular, computer networks have become the most important infrastructure worldwide in the 21st century. Information systems of all kinds have brought huge changes to people's work and lives. Their application has accelerated social automation, relieved people of routine repetitive labour, raised productivity, and created considerable economic benefits. On the other hand, the varied forms of network interconnection, the uneven distribution of terminals, and the openness of networks create more and more hidden security risks: the technical skill required to mount a network attack keeps falling, while attack methods become more advanced, better concealed, and more damaging. How to secure computer systems, network systems, and the entire information infrastructure has become an urgent and important problem, and it is especially significant for our country's defence system.

In addition, statistics show that more than 80% of intrusions and attacks originate from inside the enterprise. Because a firewall guards against the outside but not the inside, it cannot help against these intrusions and attacks. To protect system resources, an active defence mechanism different from firewalls and antivirus software is needed to detect intrusions. An Intrusion Detection System (IDS) judges whether an intrusion has taken place by monitoring the behaviour characteristics of the network or computer system. An IDS can detect attacks that come from inside, provide real-time monitoring of the network, and take corresponding preventive measures in the initial stage of an intrusion.

However, traditional intrusion detection methods have shortcomings: misuse intrusion detection has difficulty detecting new forms of intrusion, and anomaly intrusion detection has difficulty establishing a reasonable, effective profile of normal behaviour and a detection method. How to actively defend against and effectively restrain illegal behaviour in computers and networks has therefore become an important problem that computer security urgently needs to solve.

This paper first reviews the development of network attacks and intrusion detection. It then introduces the main functional models of intrusion detection, the key technologies and architecture of IDS, and the standardization of intrusion detection. After analysing the deficiencies of traditional intrusion detection systems, it puts forward a new intrusion detection method, named EDID (An Intrusion Detection Method Based on Euclidean Distance), to reduce the false positive rate. The essence of EDID is to build a normal-behaviour fuzzy subset A from the observed normal system calls of privileged processes, build a fuzzy subset B from the real-time system call sequence, and then detect using the minimum-distance principle of fuzzy recognition.

The innovations of this paper are as follows. The EDID method is put forward, which not only effectively reduces the false positive rate and false negative rate but also makes real-time intrusion detection possible. An independent and complete feature database is provided, with normal behaviour, anomalous behaviour, etc. designed according to the classification of the monitored programs, which improves the robustness of the IDS. A tree structure is used to store the feature database, which greatly saves storage space. During detection, a frequency-priority principle is applied: behaviour features with high frequency in the information table are analysed and handled first, which raises the efficiency and speed of detection and makes real-time intrusion detection possible. Anomaly intrusion detection and misuse intrusion detection are realized at the same time, which remedies the deficiency of a single detection method.
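
The following Python sketch is an added example, not code from the thesis. It illustrates the minimum-distance step over fuzzy subsets built from a privileged process's system calls, under assumptions the abstract does not specify: windows of 3 consecutive calls as the universe, membership grade equal to normalised frequency, and constructed sample traces and profile names.

```python
import math
from collections import Counter

WINDOW = 3  # assumed length of the short system-call sequences

def fuzzy_subset(trace, window=WINDOW):
    """Map each short call sequence in a trace to a membership grade in (0, 1].

    Assumed membership function: count of the sequence divided by the count
    of the most frequent sequence in the same trace.
    """
    grams = Counter(tuple(trace[i:i + window])
                    for i in range(len(trace) - window + 1))
    if not grams:
        return {}
    peak = max(grams.values())
    return {g: c / peak for g, c in grams.items()}

def euclidean_distance(a, b):
    """Normalised Euclidean distance between two fuzzy subsets, in [0, 1]."""
    universe = set(a) | set(b)
    if not universe:
        return 0.0
    total = sum((a.get(u, 0.0) - b.get(u, 0.0)) ** 2 for u in universe)
    return math.sqrt(total / len(universe))

def classify(observed, profiles):
    """Minimum-distance principle: (label, distance) of the nearest profile."""
    b = fuzzy_subset(observed)
    scored = ((label, euclidean_distance(a, b)) for label, a in profiles.items())
    return min(scored, key=lambda item: item[1])

# Constructed reference traces (not real captures) for one monitored process.
NORMAL_TRACE = ["open", "read", "mmap", "read", "close"] * 4
ABNORMAL_TRACE = ["open", "read", "setuid", "execve", "socket", "connect"] * 3
PROFILES = {
    "normal": fuzzy_subset(NORMAL_TRACE),      # plays the role of subset A
    "abnormal": fuzzy_subset(ABNORMAL_TRACE),  # a stored abnormal pattern
}

if __name__ == "__main__":
    live = ["open", "read", "mmap", "read", "close"] * 2  # constructed
    print(classify(live, PROFILES))
```

Storing an abnormal profile next to the normal one lets the same distance computation serve both misuse-style and anomaly-style decisions; a production detector would also need a distance threshold for traces that match neither profile.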

Keywords/Search Tags: intrusion detection, Euclidean distance, fuzzy recognition, system call