| Because of the limitation of all kinds of security technology, it is impossible to get rid of the network intrusions. The early warning technology attaches great importance in the network security field because it can foresee the possibility of the attacks and the following behavior and consequences. Generally speaking, the implementation of the invasion from network are through several steps and in a fixed time. The steps are scanning, gleaning information and implementing, the distributed attacks are more obviously in time and space aspects. It is the reason of the network warning. We can use the real-time collection of network packets, and to analyze and reduce them, and to correlate the fusion of the warning information to warn the intrusion and to judge the security trend of the future network.The setup of the skeleton based on the distributed security early warning system is under the introduction and analysis of the security early warning system, and provides the design of every subsystem. It is to supervise the network attacks and analyze all kinds of information in order to find the potential threat.Warning Agent pattern based on the data mining theory brings forward the method of misuse detection on the dialog record and the method of network users' anomaly detection. Data detection will find the intrusion immediately and the network warning can be realized.Local Warning Center pattern Based on the concept of multi-sensor information fusion, the model of information fusion warning, network intrusion prediction and threat-assessment has been set up. Event relation reduce the false negative, false... |
PDF Full Text Request