| With the development of network, the security of network has become more and more important. The intrusion detection technology is a dynamic and safe defense way. It can find intrusion signals actively, and provide the safe protection for the system of network as the outside intrusion or inside intrusion or misuse appears.The most currently intrusion detection system structures adopt only one structure, which exists some defects both in the structure and the detection technology, so the thesis focuses on the network intrusion detection model and technology and makes some improvements.1. On the aspect of network detection model, a multi-agent hierarchical cooperation model is presented after analyzing and comparing the hierarchical models (AFFID-. EMERALD) and collaborative model (the multi-agent intrusion detection collaborative model). The model can modularize a network intrusion detection system with the technology of agent, so it can realize the distribution of data collection, data analysis and the discovery of intrusion.2. On the aspect of network intrusion detection algorithm, the thesis studies the misuse detection algorithm and anomaly detection algorithm. On the aspect of anomaly detection algorithm, the thesis mainly uses the improved algorithm of BP -Conjugate Gradient BP, our experiments show it performs well among other algorithms with the lowest False Positive Rate 2.1432% and the highest Detection Rate 97.8261% in the network's anomaly detection. On the aspect of misuse detection algorithm, the thesis proposes a combination classification for misuse detection. It can detection the normal network data, the DoS attacks and the Probe attacks, and it also can detection the R2L attacks and the U2R attacks which is difficultly detected. The algorithm can detect some new attacks. For known attacks, the False Positive Rate is 1.5151% and the Detection Rate is more than 95%. For new attacks, the False Positive Rate is 3.3103% and the Detection Rate is more than 80%.3. On the environment of Aglets, the collective Agent and network detection Agent for the network intrusion detection system are finished.
|
PDF Full Text Request