Research And Implementation Of Adaptive Distributed Network Intrusion Detection And Defense System

Posted on: 2005-03-02 | Degree: Master | Type: Thesis
Country: China | Candidate: L P Wang | Full Text: PDF
GTID: 2168360125452300 | Subject: Computer software and theory
Abstract/Summary:
With the development of the network economy and network applications, the Internet has gradually become an essential part of modern society. However, as hacker attacks and network viruses emerge endlessly, the problem of network security has become very serious, and it now receives more attention worldwide than ever. Experience has shown that a single product cannot satisfy security requirements, so the integration, cooperation and unified management of products is the main direction of development for network security. Aiming at the implementation of a real-time detection and dynamic defense security system, this thesis focuses on intrusion detection techniques and defense decision-making. The research work and contributions can be summarized as follows:

1) Analyzing the characteristics of the main network security models, with emphasis on the state of intrusion detection and event response techniques, and explaining the critical problems in intrusion detection systems from the point of view of dynamic defense.

2) Describing complex adaptive systems and explaining why it is necessary for a network security defense system to adopt adaptive thinking. Discussing a research method that addresses the adaptation of the security system using distributed object technology and data mining.

3) Providing an adaptive intrusion and defense system model (AID&DS). By analyzing the architecture of the model, the thesis explains that the AID&DS model is platform independent, adaptive and extensible, and supports multilayer data analysis and dynamic defense decision-making, etc.

4) Researching a process anomaly detection method based on neural networks and providing a method that uses the forecasting function of multi-level perception and anomaly area estimation to detect system anomalies. Importing a misuse detection method based on Snort into the AID&DS model, which proves that the model is extensible and well suited to integrating other mature network security software.

5) Researching overall event analysis methods in a distributed environment. Providing an overall event analysis technique based on an improved association algorithm and sequence algorithm. At the same time, to address the insufficiencies of the method, the thesis provides an additional method to infer the conclusions of rules.

6) Researching defense decision-making plans to resist complex forms of attack, providing a method that uses finite-state automata to analyze the danger coefficient of associated attack sequences. Defining a defense decision-making model based on cost analysis and providing an expression of defense knowledge based on predicate logic.

Experiments show that the proposed system is adaptive and open in architecture, and that it provides functions such as intrusion detection and defense decision-making. The research can contribute to the complete and solid development of information security techniques and products, and it is also significant for national information security defense.
Keywords/Search Tags: Intrusion Detection, Self-Adaptation, CORBA, Data Mining, Decision-making of Defense, Neural Network