
The Research And Design Of Pattern Matching-Based Network-based Intrusion Detection System

Posted on: 2005-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: H Lan
GTID: 2168360125950466
Subject: Computer application technology
Abstract/Summary:
With the rapid development and growth of the Internet, the globalization of information is becoming the main trend in human progress, and the information network is gradually becoming an important guarantee of social development. The network gives us great convenience in using information and sharing resources, but at the same time it brings a series of information security problems caused by intrusion that we must face. To prevent pivotal information and confidential files from leaking, people have to devise effective security strategies to solve these problems and form a powerful security defense system. In recent years, as information globalization has gradually sped up, more and more people have turned their attention to network security technology and related research. It has become a focus of the research and development of network technology.

Intrusion detection is an emerging research topic in the field of network security. It is a dynamic network security technique, in contrast to traditional static defense techniques such as operating system hardening and firewall isolation. Intrusion detection is the process of inspecting the network and the computer system to find events that violate the security policy. It extends the concept of the traditional audit, inspecting in a non-interrupting mode to form a continuous detection process. Intrusion detection technology can make up for the deficiencies of the firewall and other static security defense techniques: it can provide real-time detection for network security and take relevant defensive steps such as recording evidence, tracking the intrusion, and recovering or cutting off the network connection. Therefore, it has a bright future for research and development.

According to the data source used for detection, an IDS (Intrusion Detection System) can be classified as follows:

Host-based Intrusion Detection System (HIDS): HIDS usually checks information such as log files, process accounts and user activities, as well as the output data of application-based IDS running on a host.

Network-based Intrusion Detection System (NIDS): NIDS mostly checks the traffic within the range of the network. Commonly, it can access the output data of host-based or application-based IDS in the network environment being inspected, and it can also directly check the information in the network's data packets.

Multi-Network/Infrastructure-based Intrusion Detection System: IDS in a multi-network environment is often expressed in the form of an IRT (Incident Response Team). Its input comes from every site within the range of the attached network. Each site is a security monitor within its administrative domain.

According to the analytical method adopted, an IDS can also be classified as anomaly detection or misuse detection:

Anomaly detection: This approach supposes that all intrusion activities differ from normal activities. Its principle is to assume that the track of the system's normal activity can be established; every system state that differs from the normal tracks can then be considered a suspicious attempt. The choice of anomaly threshold and signature is key to success. Its limitations are that not all intrusions can be expressed as anomalous activities, and that the tracks of the system are difficult to calculate and update.

Misuse detection: This approach supposes that all intrusion activities can be represented as some kind of pattern or signature. The aim of the system is to find whether the subject's activities match these patterns. How to represent intrusion patterns and distinguish real intrusions from normal activities is the key factor; hence the performance of intrusion detection is determined by the quality of the pattern representation. This article mainly focuses on the Network-based Intrusion Detection System (NIDS)...
Keywords/Search Tags: network security, intrusion detection, network-based intrusion detection system, pattern matching, Wu-Manber94 algorithm, rules optimization, multi-rules inspection engine, exclusion-based pattern matching