
Analysis And Research Of IDS

Posted on: 2004-04-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Zhao
Full Text: PDF
GTID: 2168360125463095
Subject: Management Science and Engineering

Abstract/Summary:
The study is divided into five parts.

First, the paper summarizes the concept of intrusion. It then describes in detail some common intrusions and their countermeasures, such as probe attacks, DDoS, R2L, U2R and data attacks.

Second, the paper introduces the concept of audit and the history of traditional security audit systems. It analyses the shortcomings of the security measures in common use, and the Network Security Audit System. It describes two specific ways of implementing a network security audit system: database-based and statistics-based. It then presents new methods for network security audit systems: data mining technology and a method based on system call sequences, named AUDIDS.

Third, the paper introduces the audit information used in present-day IDS. It puts forward two evaluation criteria, time-order logicality and extensity, and a method for improving the extensity of audit information: the defense alliance protocol. The method captures the characteristics of the intrusion action at the initiating node and at the target node as audit information for the IDS. The former explains how to capture the characteristics of the intrusion action present at neighbouring nodes and sent to the target node, such as using the amount of data and the frequency of data packets transmitted to the target node as audit information. The latter explains how to use the network management center to capture the characteristics of the intrusion action at the initiating node, that is, by amending the three-way handshake connection and authenticating the authenticity of the connection to improve the extensity information.

Fourth, the paper introduces uniform approximation and applies the technique to intrusion detection. The Trojan horse is a typical example of anomaly intrusion. Then, by discussing the course pattern of the Trojan horse, the paper presents the system state defined by an image function, using all direct and indirect relations of the system state to determine the variety of action patterns and their rules during system switching. Based on this, the paper analyses intrusion detection of Trojan horses.

Finally, the paper briefly introduces the research task and the tests, with some interfaces and programs attached.
Keywords/Search Tags: Internet Intrusion, Security Audit, Audit Record, Uniform approximation