| With the prevalence of computer network in the finace, government, medicaltreatment, manufacturing, commerce and education, network security was takenmore serious. With the enchancement of security requirement, it's not enough justuse firewall to protect network and system's security. So we must take multiplexmeasure to protect the security of network and computer system. IDS(Intrusiondetection system) has been become into an important technique in safty domain aftertwenty years' development. The technology and standard of today's IDS are notmature engough compare to those mature security products such as firewall.Especially on detecting undefined intrusion behavior, the false alarm rate and falsenegative rate of IDS is quite high. In order to solve the probleme that IDS couldn't detect undefined intrusionbehavior effectively, this paper propose a new prototype of IDS. We construct thestructure based on the distributed IDS. So the detectors of this IDS not only candetect intrusion behavior based on host and network in local network, but also cancooperated with other detectors to detect the large scale network intrusion. According to the robustness and adaptability of the genetic algorithms, wepresent an algorithm of anomaly detection oriented to computer network This makesup the traditional statistic detection's defect which it ignored multivariablecorrelations of variables in computer network environment. This algorithm uses thenormal network traffic data without attack for train and study and usesmulti-dimension space to describe these data. Finally it apply a set of detection rulesthat evolved by genetic algorithm to detect anomaly data. It was proved that thealgorithms can detect undefined intrusion behavior effectively.
|
PDF Full Text Request