
The Research And Application Of Intrusion Detection Based On Color Petri-Net

Posted on: 2012-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: X M Chen
GTID: 2178330335474204
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of computer networks, the Internet has become an indispensable part of daily life, and network security has increasingly become a focus of attention. Finding all kinds of intrusions quickly and effectively, and so guaranteeing the security of network resources and systems, is very important. Traditional static defenses such as firewalls and data encryption can no longer meet the needs of network security. Intrusion detection technology emerged in response: it is an active network security technology and a necessary supplement to traditional network security technologies. Intrusion detection systems play an increasingly important role in computer security, and research on intrusion detection methods and techniques has attracted more and more attention.
From the point of view of the detection method, intrusion detection can be divided into three categories: misuse detection, anomaly detection and specification-based detection. Misuse detection uses known attack methods: it detects intrusions by determining whether well-defined intrusion patterns appear. Any activity that does not match the defined patterns is considered valid and acceptable, even if it conceals an intrusion. Because misuse detection decides on the basis of a library of specific signatures, its results have a clear reference; detection accuracy is therefore high, and it is convenient for system administrators to take countermeasures.
The shortcomings of misuse detection are that its detection range is limited by knowledge of known attacks; in addition, the detection system depends too heavily on the target system, which makes portability poor and the maintenance workload heavy, and it is difficult to abstract specific intrusion techniques into knowledge. To address these problems of misuse detection, this thesis starts from the development, current state and characteristics of intrusion detection systems at home and abroad and studies intrusion detection methods in depth. First, it analyzes current state-transition-based intrusion detection methods, including state machine and Petri net modeling. After analyzing the state combinatorial explosion problem faced by existing finite state automaton and Petri net models, it introduces colored Petri nets into intrusion detection. Second, because it is difficult to extract the operations that change key object states from attack sequences and to process their semantics, it introduces a process mining approach that constructs and updates the intrusion model by incremental learning. Finally, an intrusion detection model built with the above method was used in experiments to detect variants of privilege elevation attacks. The experimental results show that the method is effective for intrusion detection.
Keywords/Search Tags: Intrusion Detection, Colored Petri-Net, Network Security, Process Mining, Increased Learning