Research On The Ontology-Oriented Intrusion Detection Technology

Posted on: 2006-12-05
Degree: Master
Type: Thesis
Country: China
Candidate: J G Cai
Full Text: PDF
GTID: 2178360185963658
Subject: Management Science and Engineering
Abstract/Summary:
Intrusion detection is a means of dynamic security protection. It can protect networks from external and internal attacks as well as misuse, because an intrusion detection system actively searches for intrusion signals and patterns. In the process of deploying and maintaining IDSs (Intrusion Detection Systems), we discovered that IDSs have two potential problems. The first is that, once deployed, they produce a large number of warning messages, causing a "DoS" attack on the analysis capabilities of system administrators. The other is the lack of effective cooperation mechanisms between heterogeneous IDSs, which leaves IDSs unable to detect distributed intrusions. To solve these problems, this paper presents ontology-oriented IDS technology, mainly for use in the analysis of IDS events and in inter-IDS cooperation, and gives the model and architecture of an ontology-oriented IDS. By building an ontology of intrusion detection and analyzing typical intrusion events, we have proved the effects of ontology in IDS. This paper also presents the critical techniques for implementing a network-based intrusion detection system.
Keywords/Search Tags: IDS, Ontology, Model, Reason, Expert System