The Research Of Anomaly Based Intrusion Detection

Posted on: 2007-04-01
Degree: Master
Type: Thesis
Country: China
Candidate: L T Song
GTID: 2178360182488423
Subject: Computer application technology
Abstract/Summary:
With the development of computer, communication and network technologies, network information systems have become an important national infrastructure. People benefit from the great contribution that network information systems make to social civilization, while also realizing that network information security has become an urgent problem affecting a nation's long-term interests and sustainable development. As a dynamic security protection technique, the Intrusion Detection System (IDS) has therefore become an important research area in computer science and technology.

Although intrusion detection technologies have been studied for more than 20 years, the research is still in its first phase, and many crucial problems remain in common:

(1) They can only detect known intrusions and can do nothing about new ones.
(2) They offer little help to the network administrator because of the high false positive rate.
(3) They have poor real-time performance.

After analyzing and comparing the advantages and disadvantages of recent detection technologies, we carry out further research and design a lightweight IDS, PLADS (Payload-based Anomaly Detection System), which brings in data mining technology. Because it models the features of the normal system rather than the signatures of known intrusions, PLADS can detect new intrusions. Taking the network payload as the system feature and the Mahalanobis distance as the algorithm, it works with a low false positive rate and a high detection rate. Because the Mahalanobis distance is computed by a linear algorithm, PLADS can work in real time. Finally, tests with DARPA99 show that PLADS works well as a real-time, anomaly-based intrusion detection system.
Keywords/Search Tags:IDS, Anomaly Detection, Payload, Mahalanobis Distance, False Positive Rate
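
The following sketch is an added example, not code from the thesis: it shows one way a payload profile and a linear-time Mahalanobis-style score can fit together. It assumes the payload feature is the 256-bin byte-frequency distribution and uses the simplified (diagonal-covariance) form of the distance; `ALPHA`, the `margin` threshold rule and the sample payloads are constructed for illustration.

```python
import math
from collections import Counter

ALPHA = 0.001  # smoothing term (assumed value); avoids division by zero

def byte_freq(payload):
    """Relative frequency of each of the 256 byte values in one payload."""
    counts = Counter(payload)
    n = len(payload) or 1
    return [counts.get(b, 0) / n for b in range(256)]

def train(payloads):
    """Profile of normal traffic: per-byte mean and standard deviation."""
    vecs = [byte_freq(p) for p in payloads]
    n = len(vecs)
    mean = [sum(v[i] for v in vecs) / n for i in range(256)]
    std = [math.sqrt(sum((v[i] - mean[i]) ** 2 for v in vecs) / n)
           for i in range(256)]
    return mean, std

def distance(payload, model):
    """Simplified Mahalanobis distance: one pass over 256 features."""
    mean, std = model
    x = byte_freq(payload)
    return sum(abs(x[i] - mean[i]) / (std[i] + ALPHA) for i in range(256))

def fit_threshold(payloads, model, margin=1.5):
    """Alert threshold: a margin above the worst score seen in training."""
    return margin * max(distance(p, model) for p in payloads)

# Constructed sample data: plain HTTP requests stand in for normal traffic.
NORMAL = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /news/today.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /img/logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n",
]
# Constructed outlier: only high byte values, which never occur in NORMAL.
ODD = bytes(range(128, 256)) * 2

MODEL = train(NORMAL)
THRESHOLD = fit_threshold(NORMAL, MODEL)

def is_anomalous(payload):
    """True when the payload scores above the trained threshold."""
    return distance(payload, MODEL) > THRESHOLD

if __name__ == "__main__":
    for p in NORMAL + [ODD]:
        flag = "ALERT" if is_anomalous(p) else "ok"
        print(f"{distance(p, MODEL):9.1f}  {flag}")
```

With so small a training set, a legitimate request containing a byte never seen in training also scores high, which is why the size of the normal profile and the smoothing term drive the false positive rate.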