Preprocessing Of Alert Information In Distributed Intrusion Detection System

Posted on: 2007-12-24
Degree: Master
Type: Thesis
Country: China
Candidate: W H Niu
GTID: 2178360212468210
Subject: Computer software and theory

Abstract/Summary:
With the widespread use of the Internet, ensuring the security of computer networks is becoming a challenging problem. To secure networks, many important technologies have been adopted, including encryption, identity recognition, access control, and intrusion detection. In recent years, the Intrusion Detection System (IDS) has become an important facet of computer network security because of the rapid development of its key techniques.

Intrusion detection has been extensively investigated since the report written by Anderson in the 1980s. His report, "Computer Security Threat Monitoring and Surveillance", is regarded as the first article about the concept of intrusion detection. Today, after twenty years of development, the Intrusion Detection System has become an important part of the network security defense system.

As computer networks have expanded, more and more complex intrusions have come into use, consisting of different intrusive types and signatures. Therefore, hostile attacks cannot be detected easily. For example, some attacks cannot, by their nature, be detected by a single IDS, because they follow intrusion models that have to be detected by several cooperating IDSs. Moreover, an IDS should collaborate with other network security components such as access control, forensic analysis, and intrusion tracing.

In this paper, we design an intrusion detection and response decision system based on the output of Snort and BlackIce, both of which are well-known IDSs. We address the problem of how to handle the Intrusion Detection Message Exchange Format and the alert names of multiple IDSs, in order to fuse alert information and reduce the burden on the console. The experimental results reveal that this system can preprocess the alert information exactly and efficiently.
Keywords/Search Tags:Network security, Intrusion detection, Intrusion Detection Message Exchange Format, Intrusion Detection Exchange Protocol, Common Vulnerabilities and Exposures