
Research And Implementation On The Network Protocol Misusage Detection System Based On Markov Chain

Posted on: 2006-05-13
Degree: Master
Type: Thesis
Country: China
Candidate: X F Tian
Full Text: PDF
GTID: 2178360185963241
Subject: Electronic Science and Technology
Abstract/Summary:
Traditional misuse-based intrusion detection is one of the established security assurance technologies. However, as network traffic grows and intrusion techniques develop and bring new attacks, network intrusion detection systems no longer suit the new network environment. To address the low accuracy, computing overhead and high false negative probability that current detection technology suffers from, protocol misusage detection has become one of the research fields in the development of network intrusion detection. This paper first introduces Markov chain theory. After analyzing the specifications of HTTP, SMTP, FTP, TELNET and TCP, we find that the TCP session fits a Markov process. We analyze the transitions between application-layer states in normal TCP traffic and build a protocol misusage detection model from the normal traffic in the DARPA data set. After discussing current technology, we study the transitions between states of network protocols, the protocol misusage detection model based on Markov chain, the framework of IDS technology, and protocol abnormity. The main research contents of this paper include: the transitions between states of network protocols and the session process; protocol misusage and the anomaly detection model based on Markov chain; the intrusion detection framework; a more accurate model based on the characteristics of network traffic; and so on.
The paper then presents an application-layer protocol misusage IDS based on Markov chain. Testing gave the following results: the system is effective at detecting probe packets, DoS attacks and novel attacks. It overcomes some of the disadvantages of traditional intrusion detection systems and adapts to the requirements of different networks. The experiment shows that the system improves the detection accuracy rate and reduces the false negative probability. The research work of this dissertation is supported by a pre-research project, and the result supports the development of that project.
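The modelling idea in the abstract, as an added example that is not code from the thesis: a first-order Markov chain is fitted to state transitions seen in normal TCP sessions, and a new session is scored by how unlikely its transitions are under that chain. The state alphabet (TCP flag sets), the additive smoothing, the threshold margin and the sample sessions are assumptions made here; the thesis trains on the DARPA data set.

```python
import math
from collections import Counter, defaultdict

START, END = "<start>", "<end>"

# Constructed attack-free sessions (illustrative, not DARPA data).
# Assumption: each state is the TCP flag set of one segment.
NORMAL = [
    ["SYN", "SYN-ACK", "ACK", "PSH-ACK", "ACK", "FIN-ACK", "ACK"],
    ["SYN", "SYN-ACK", "ACK", "PSH-ACK", "ACK", "PSH-ACK", "ACK", "FIN-ACK", "ACK"],
    ["SYN", "SYN-ACK", "ACK", "PSH-ACK", "PSH-ACK", "ACK", "FIN-ACK", "ACK"],
]

def train(sessions, alpha=0.1):
    """Count state-to-state transitions observed in normal traffic."""
    counts, states = defaultdict(Counter), {START, END}
    for s in sessions:
        path = [START, *s, END]
        states.update(path)
        for a, b in zip(path, path[1:]):
            counts[a][b] += 1
    # n has one extra slot so states never seen in training still get probability mass
    return {"counts": counts, "n": len(states) + 1, "alpha": alpha}

def prob(model, a, b):
    """Smoothed P(b | a); an unseen transition is rare but not impossible."""
    row = model["counts"].get(a, Counter())
    return (row[b] + model["alpha"]) / (sum(row.values()) + model["alpha"] * model["n"])

def score(model, session):
    """Mean negative log-likelihood per transition; higher = less like normal traffic."""
    path = [START, *session, END]
    nll = sum(-math.log(prob(model, a, b)) for a, b in zip(path, path[1:]))
    return nll / (len(path) - 1)

def least_likely(model, session):
    """Transition that contributes most to the anomaly score, for the analyst."""
    path = [START, *session, END]
    return min(zip(path, path[1:]), key=lambda t: prob(model, *t))

MODEL = train(NORMAL)
# Assumed tuning rule: worst score seen in training plus a fixed margin.
THRESHOLD = max(score(MODEL, s) for s in NORMAL) + 0.5

def is_anomalous(session):
    return score(MODEL, session) > THRESHOLD
```

Normalising the score by the number of transitions keeps long, ordinary sessions from being flagged for their length alone.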
Keywords/Search Tags:anomaly detection, Markov chain, transitions between states, protocol abnormity