Security of network systems is becoming increasingly important as more, and more sensitive, information is stored and manipulated online. In addition to intrusion prevention techniques, such as user authentication, avoiding programming errors, and information protection, intrusion detection is often used as another wall to protect network systems. In this paper, we present the design and part of the implementation of an Intrusion Detection System for MAN (Metropolitan Area Network) security. The MAN Intrusion Detection System logically has six parts: Information Collection Unit, Data Preprocessing Unit, Analysis & Intrusion Detection Unit, Information Database, Classifier, and Response & Control Unit. For information collection, we use Cisco's NetFlow technology or Sniffer to collect data from the network in a timely way. NetFlow allows extremely granular and accurate traffic measurements as well as high-level aggregated traffic collection. The Data Preprocessing Unit converts all audit data into NetFlow-format files. By analyzing the NetFlow data, the system reports the traffic of every IP address in the MAN and the traffic of each kind of application. Based on these traffic reports, we can export traffic-trend reports that show trends in the amount of traffic generated across the MAN. The accuracy and real-time performance of the detection rules are two critical factors for an IDS, so we design a hierarchical model of intrusion detection. First, the Intrusion Detection System requires real-time pattern-matching capabilities at very high network speeds. Second, data mining is used to construct temporal and statistical features from a large amount of audit data for accuracy. The IDS then makes full use of the data in the information library to decide whether the current network flow is anomalous or not. If the current network flow is abnormal, the system raises an alert. We also improve the Response & Control Unit to accommodate the development of the network.
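The traffic-report and statistical-feature stages described above, as an added example that is not code from the paper: constructed NetFlow-style records are aggregated per source IP and per application, and a per-window baseline (mean plus k standard deviations of earlier windows) raises an alert on an outlier. The flow tuples, the port-to-application map and the window size are assumptions.

```python
"""Toy NetFlow-style pipeline: per-IP / per-application traffic report, then a
statistical baseline per window that raises an alert on outliers."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows (not a real NetFlow export): (window, src_ip, dst_port, bytes).
# window = 5-minute bucket index; dst_port stands in for the application.
FLOWS = [
    (0, "10.0.0.5", 80, 1200), (0, "10.0.0.5", 53, 300), (0, "10.0.0.7", 80, 900),
    (1, "10.0.0.5", 80, 1100), (1, "10.0.0.7", 80, 1000), (1, "10.0.0.7", 53, 200),
    (2, "10.0.0.5", 80, 1300), (2, "10.0.0.7", 80, 950), (2, "10.0.0.5", 53, 250),
    (3, "10.0.0.5", 80, 1250), (3, "10.0.0.7", 80, 1020), (3, "10.0.0.7", 53, 220),
    # window 4: 10.0.0.7 suddenly sends far more DNS bytes than its history
    (4, "10.0.0.5", 80, 1150), (4, "10.0.0.7", 53, 9000), (4, "10.0.0.7", 80, 980),
]
APP_NAME = {80: "web", 53: "dns"}  # hypothetical port-to-application map


def traffic_report(flows):
    """Byte totals per window, keyed once by source IP and once by application."""
    by_ip = defaultdict(lambda: defaultdict(int))
    by_app = defaultdict(lambda: defaultdict(int))
    for window, ip, port, nbytes in flows:
        by_ip[ip][window] += nbytes
        by_app[APP_NAME.get(port, "other")][window] += nbytes
    return by_ip, by_app


def detect_anomalies(series, k=3.0, min_history=3):
    """Alert when a window's bytes exceed mean + k*stddev of the earlier windows."""
    alerts = []
    for key, per_window in series.items():
        windows = sorted(per_window)
        for i, w in enumerate(windows):
            history = [per_window[h] for h in windows[:i]]
            if len(history) < min_history:
                continue  # not enough baseline yet; keep learning
            mu, sigma = mean(history), pstdev(history)
            # floor sigma at 5% of the mean so a flat history cannot alert on any tiny change
            threshold = mu + k * max(sigma, 0.05 * mu)
            if per_window[w] > threshold:
                alerts.append((key, w, per_window[w], threshold))
    return alerts


if __name__ == "__main__":
    by_ip, by_app = traffic_report(FLOWS)
    for key, w, nbytes, thr in detect_anomalies(by_ip) + detect_anomalies(by_app):
        print(f"ALERT {key}: window {w} sent {nbytes} bytes (threshold {thr:.0f})")
```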