Research Of Intrusion Detection Method And Its Implementation In IDS

Intrusion detection is a means of dynamic safety protection. It can protect the networks against external attacks, inner attacks and misuse operation because intrusion detection can search the intrusion signal actively. Intrusion detection can be divided into three parts which are data collection, data analysis and response according its function architecture. It can also be divided into two types which are anomaly detection and misuse detection according its detection method. This paper builds an intrusion detection system model based IDMEF after synthesizing multiple frameworks of intrusion detection system. This paper puts emphasis upon intrusion detection methods especially the pattern match method of misuse intrusion detection. It not only optimizes and accomplishes the single pattern match based on Snort which is the famous open source software, but also it improves on the typical multi-patterns match method. This paper introduces the anomaly intrusion detection methods in detail. Further more, it gives an anomaly intrusion detection method which is based on Bayesian statistics and can be applied in a real system. Finally, a distributed intrusion detection system which can be applied in a small network is achieved. This system transfers the message by means of IDMEF and its detection engine uses an optimized multi-patterns match which is BM method. It can achieve anomaly detection by adding a statistical plug-in into the detection module.