
The Study And Design About A Hybrid Intrusion Detection System

Posted on: 2007-11-23
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhang
Full Text: PDF
GTID: 2178360185450099
Subject: Computer application technology

Abstract/Summary:
With the development of networks, network security has become a major problem that we have to confront. To allow safe and efficient work over the network, various technologies and products have emerged, such as cryptography, firewalls, intrusion detection systems, and VPNs. Among these, intrusion detection has become a focus of attention. To protect the network as far as possible, knowledge from other fields has been applied to intrusion detection, and detection capability has improved greatly as a result. Data mining, artificial intelligence, genetic algorithms, and the theory of electromagnetic fields have all improved the ability of intrusion detection systems to detect intrusions wherever they come from, whether outside or inside the network.

In most situations, however, servers and hosts face intrusions not only from the outer network but also from the inner network. Single-purpose intrusion detection systems are therefore no longer suitable, and a stronger system is urgently needed. It must be able to detect intrusions from outside as well as the illegal logins and misuse behavior that come from the inner network.

This thesis first reviews the present state of intrusion detection research and its future. It then analyzes in detail the theory of the host-based intrusion detection system (HIDS) and the network-based intrusion detection system (NIDS), together with the advantages and disadvantages of each kind of detection technology. After this, a model of a hybrid intrusion detection system is proposed. The design uses a modular approach and multithreading, and the structure of the model and the function of each thread are described in detail. The model is implemented with the Qt class library on Linux (Red Hat 9.0).

The system uses anomaly detection. The control center sub-model is in charge of running the other sub-models, which improves efficiency. The use of threads also allows data collection and data analysis to proceed at the same time. At the end of the thesis, the results of an experiment show that the hybrid intrusion detection system takes less time in data training and produces fewer false alerts, and that it can efficiently detect intrusions from both the outer network and the inner network.
Keywords/Search Tags: Hybrid Intrusion Detection, Clustering, System Call