Research On The Framework Of Knowledgebase In Network Intrusion Detection System

Posted on: 2007-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: B Y Liang
Full Text: PDF
GTID: 2178360182992607
Subject: Computer application technology

Abstract/Summary:
With the extensive application of networks and other information technologies, the security of network systems has become critical. Intrusion detection systems are a key technology for protecting network systems and an important means of network security, and they are an active area of research and development. Intrusion detection research is no longer confined to detection algorithms and data mining; the knowledge base of the intrusion detection system now receives considerable attention and has become a new research focus. For intrusion detection systems based on expert systems, the knowledge base not only provides a knowledge carrier and a management mechanism, but can also support data mining techniques, guide the search direction, and optimize the mining process. This paper first analyzes the current state of knowledge description research in IDS and puts forward the requirements for attack representation models. It then analyzes the characteristics of knowledge in the intrusion domain and explores the knowledge of attack methods. It proposes abstract knowledge structures and a knowledge-based, object-oriented attack representation model, and implements the expression of attack knowledge in the Java language. On this basis, the paper studies and analyzes the design of the knowledge base of a network intrusion detection system (NIDS) and discusses the framework of the knowledge base for NIDS. The knowledge base is built on the object-oriented knowledge representation model, with rules and methods at the core of the design; concepts are organized into knowledge base levels, and the rules and methods are deployed through an incident management engine, in conjunction with communication between the knowledge base and the database. Finally, the paper explores ways to implement the knowledge base and methods for updating it automatically, designs a description language for single events and related events, and presents a feasible implementation scheme for the rule base.

The paper has studied attack knowledge expression and the knowledge base of the NIDS. The proposed model can express complex attacks and distributed attacks correctly and effectively; the proposed knowledge base model and implementation scheme embody a good knowledge management mechanism and offer efficient, adaptive detection. It is hoped that this paper can provide a reference and inspiration for research on intelligent network intrusion detection systems.
Keywords/Search Tags: Intrusion Detection, Knowledgebase, Knowledge Presentation, Attack Knowledge, Object oriented