| The technology of Intrusion Detection is presented under the situation that traditional security strategies are incapable of satisfying increasingly rigorous security demand. Recently, as the development of network technology with incredible rate and the appearing of large-scale network and 1000Mbps Ethernet, Current NIDS (Network Intrusion Detection System) could hardly catch up with the pace of network, thus, traditional detection method face to serious challenge.First, basal definition, classification of Intrusion Detection System and the algorithms of Intrusion Detection are presented in this paper. Based on the analysis and comparing of various technology, Intrusion Detection System based on security state information database is presented, the system architecture, the techniques of data collections, the course of Protocol Analysis, the forms of the information which exchanged between sensors and analyzers. Comparing with other system, by creating security status information database, intrusion behavior is considered as well as the defense ability of protected system; by creating database of suspicious hosts, different detection and respond method can be used in hosts with different threatening level. Finally, this system is evaluation, the results show that its security database can efficiently decrease the rate for misrepresentation of IDS.
|
PDF Full Text Request