| Intrusion Detection, which is trying to detect intrusion attempts so that action may be taken to repair the damage later, is one of the important dynamic technology of computer security.The paper explains the conception and classification of IDS, and several important techniques of IDS usually used. After that, the paper introduces a new method of intrusion detection that based on data resolving and parsing for sequence of characteristic information, or technique of intrusion detection based on resolving FSM and parse tree. Then, an IDS model based on data resolving and parsing for sequence of characteristic information is designed in this paper.Intrusion detection based on data resolving and parsing for sequence of characteristic information is a kind of misuse ID which has some functions of anomaly ID, so it has advantages of both, and can avoid some disadvantages of both. Particularly, for the advantage of the patterns used in detection, the efficiency of detection can be improved greatly. On one hand, the quantity of the patterns is much less than that of other pattern recognition technology. This can avoid blindness of the matching. On the other hand, the pattern of any intrusion can be described by a restricted left liner grammar, and we can use the characteristic of the left liner grammar fully, so that the parser can be designed as an optimized one that can improve the efficiency of the parsing very much. |
PDF Full Text Request