| As a kind of active security technique, intrusion detection system (IDS) can detect some set of intrusions and emerging events, provide effective supplement to the traditional security protect technology. With the internet be used increasingly, more and more people attach importance to the intrusion detection system based on network (NIDS). At the same time, it also meets many challenges. These challenges include how to increase the detecting speed to meet the requirement of the band increase, how to reduce the false positive and false negative to enhance the accuracy of the detection.After introducing the corresponding background knowledge include the network security problems, the conception, mechanism and model of IDS, this paper focuses on some key techniques of the NIDS. We put forward a kind of network, and debate its research of the implementation in detail.The intrusion detection system researched in this paper are mainly improved on the depth of protocol analysis. This system adopts the protocol analysis of application layer, greatly improves the veracity and efficiency of detection, and can fetch the capability of abnormity detection based on protocol analysis. In addition, we also put forward a intrusion detection method based on Policy Script. In this system, we use policy script write event analyzer. Data package pass by Event Handle and Rule Engine, and then be abstracted into a set of events This event analyzer thoroughly analyze the set of events. Some basic event can touch off an alarm firsthand, and it can also be analyzed by Policy Script. After be analyzed ,it no only touch off an alarm ,but also can create a new event. User can writer the analyzer himself, based on his own need and the instance of the network. |
PDF Full Text Request