The Application Of Fuzzy Theory In The Distributed Intrusion Detection System

Posted on: 2005-12-11
Degree: Master
Type: Thesis
Country: China
Candidate: M Yang
Full Text: PDF
GTID: 2168360152969210
Subject: Computer application technology
Abstract/Summary:
With the popularization of networks and the growing number of hackers, network security is becoming increasingly important. As a crucial supplement to the firewall, intrusion detection has become a focus of the network security field.

Anomaly-based or misuse-based intrusion detection usually makes a crisp choice between normality and anomaly. This loses much valuable information and results in poor detection efficiency, especially in a complex distributed network environment. To reduce the false positive rate and the rate of missed reports of the intrusion detection system, this thesis designs an event analyzer for a distributed intrusion detection system, based on fuzzy theory and drawing on the ideas of the common intrusion detection framework.

The core unit of the event analyzer is the Fuzzy Decision Engine (FDE). It is a component of the detection agent in a distributed intrusion detection system and, based on fuzzy theory, can consider various factors when judging whether a behavior is an intrusion. The distributed IDS with FDE, based on fuzzy comprehensive evaluation, has a hierarchical structure: it can analyze many types of information from the detection agents and report the result to the higher-level FDE for further evaluation. Such an IDS has the advantages of high intrusion detection accuracy, an efficient decision-making process, and low consumption of system resources.

Finally, following the design theory of the Fuzzy Decision Engine and using the data collection function of "snort", the thesis provides an implementation of this event analyzer and uses an improved BM pattern-matching algorithm to classify the network information. To implement the communication mechanism between "snort" and the event analyzer, a unified data communication interface is created.
Keywords/Search Tags: network security, intrusion detection, fuzzy theory, event analyzer