Research On Classification, Pattern-Base Creation And Distributed Detection For Network Intrusion

Posted on: 2005-01-20
Degree: Master
Type: Thesis
Country: China
Candidate: X J Lin
GTID: 2168360125465976
Subject: Computer application technology

Abstract/Summary:
An intrusion detection system (IDS) can compensate for the shortcomings of a firewall. It provides a means of detecting intrusions in real time and responding to them. A good intrusion detection system not only lets the security administrator know about changes in the network system (including programs, files and hardware, etc.), but also provides a reference for setting network security strategy. It should be easy to configure and should adapt to changes in network scale, system structure and security demands. An intrusion detection system can respond after detecting an intrusion (such as by disconnecting the network connection, recording the time of the intrusion or raising an alarm, etc.).

Based on the development of intrusion detection systems and on existing techniques for detecting network intrusion, this thesis gives a solution. The thesis is divided into four chapters.

The first chapter summarizes the concept, types and principles of network intrusion, the design principles of intrusion detection systems, the problems that should be solved, and the emergence of distributed intrusion detection systems.

The second chapter first summarizes the methods of intrusion classification and provides a detection-oriented classification of network intrusion according to protocols, relations of events, relations of time and relations of quantity. Following this classification, we analyze the relations among intrusion events, divide and conquer the intrusion events, and provide an effective method of creating a pattern-base by combining several context-free grammars. We then give the algorithm for creating the pattern-base and describe it in C++. In the last part of the chapter, we provide a detection method based on the pattern-base, which detects all classes of intrusion with a uniform program and to which real-time tracking of the whole intrusion can be attached.

Chapter three gives the architecture of the distributed intrusion detection system according to the above classification, along with some of its technologies (such as data communication among the parts of the system, capturing the identification of the intruder, etc.).

Chapter four presents a summary and the unsolved problems of the thesis.
Keywords/Search Tags: Intrusion Detection, Classification, Pattern-Base, Detection-Oriented, Distributed Intrusion Detection