| Large networks attack can be researched base on the graph theory, because the character of its network connect and route of spread is related closely to weighted and oriented graph. Regarding the words above as the issue background , this article introduces one method of network intrusion detection based on graph model. The key points in the method can. be summarized as follows:1. The graph model of network communication. This model map the network communication on the Internet to a weighted and oriented graph, which is called as network-link graph. On the graph host on network is maped to node, network-link is maped to oriented edge , and all kinds of attributes of network-link are maped to weight. By those maps, we can analyse all kinds of behaviors on the network based on the network communication model.2. The graph model of network attack. Based on the network communication model and the characters of network attack spread, this article gives the graph model of network attack. The graph model of network attack is a speical case of the network communication model on the concrete question of network attack. Finally, it establishes the network intrusion characters' database based on the graph theory. Create the graph model based the database, then estimate the model. The database establishes basis of building attack graph and judge of attack behavior.3. The prototype of the network intrusion detection based on the graph theory. After researching on the above problems, it designs the network intrusion detection system based on the graph theory and puts forward algorithm of creating the graph model. The system level management and strategy mechanism is discussed in the end.The method mentioned in this article has the merits such as :high efficiency of analysis, low rate of false alarm, trace back to the source node. This method is an important addition to the methods of detection to existing network attack. It is luciferous to other research on network intrusion. |
PDF Full Text Request