
Research And Implementation For Selective NIDS

Posted on: 2007-09-18
Degree: Master
Type: Thesis
Country: China
Candidate: W J Lu
GTID: 2178360185986901
Subject: Computer application technology

Abstract/Summary:
The rapid development of the Internet has freed communication among people from the restrictions of space and time and eliminated the barriers, visible and invisible, between countries and regions. At the same time, it has challenged the security of the Internet. Intrusion detection technology, because it takes an active approach, has become the main method and trend for protecting users' data and preventing internal and external intrusion. However, administrators often do not know how to select an IDS to protect their LAN, because existing IDSs do not take integrated performance into account. It is therefore vitally important to design and implement an adaptable IDS for administrators.

First, this paper introduces network security and its key technologies, with a focus on the technology related to intrusion detection. The current state of research in this field worldwide and its trends are also discussed.

Second, we introduce the proposed NIDS architecture, which has 4 layers and selective ability. In this system design, we have realized three key technologies:

1) We define a priority for every intrusion feature; administrators can adjust overall performance by setting the feature-priority threshold, and thereby obtain the best overall performance among run efficiency, detection rate and false alarm rate.
2) A 2-layer neural network ensemble is introduced as the detection model.
3) A binary data model is generated, which can store all kinds of features.

Finally, an NIDS was developed on the basis of Bro. In addition to the base functions of Bro, it includes the priority-based intrusion feature selection algorithm and the approach of capturing packets based on feature selection. The validity of the above methods is demonstrated through a series of experiments.
Keywords/Search Tags:intrusion detection, data model, neural network ensembles, feature selection, feature priority