Research On High Speed Network Intrusion Detection

Intrusion Detection was a new network security technology, followed with the security strategies such as data encryption and VPN and firewall technology. Modern computer networks security is established by the intrusion detection together with the anti-virus system ,vulnerability scanner, data encryption and other significant techniques. How to make sure that the IDS has the exellent ability of analyzing realtime data, searching definite contents, getting and reeording network data Packets under complicated environment of the high-speed network is becoming a very inmportant topic.At the beginning, this paper compeletely and concretely explains the intrusion detection development, related molds and analyses architecture of IDS. Secondly, with some key points of the high-speed network intrusion detection are analysed, the solving strategy is proposed by following chapters. And then a method of network intrusion rules extraction based on rough set and niche genetic algorithm is proposed in this paper for low updating rate of intrusion rules. This method deals with original data by Rough sets for acquiring decisive rules and those can be chosen for the initial group of Niche Genetic Algorithm aimed at acquiring wider coverage range and higher reliability rules by evolution. And some better methods including data filtration, load balace and protocol analysis are becoming prevailing nowadays for the unmatched problem of low detection rate and high speed of network,but each of them has some flaw. So we study a strategy of load balance and protocol analysis for high speed network intrusion detection. Distributing stream of data to the rational detectors by the control center of load balace firstly and utilizing protocol analysis to detect the intrusion action with wider coverage range and higher reliability rules based on rough set and niche genetic algorithm.The whole high-speed network intrusion detection system performance is becoming more efficient through the strategy of load balancing and protocol analysis. The architecture can reduce every node'load effectively and rationally.The protocol analysis method also takes good advantage of rules of the network protocol to detect the attack. Using protocol's high degree of regularity and pattern-matching algorithms can extremly reduce the computation and enhance the accuracy of detection.