
A NP-based Fuzzy Knowledge System

Posted on: 2008-03-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y Chen
Full Text: PDF
GTID: 2178360212496928
Subject: Computer application technology
Abstract/Summary:
At present, attacks by hackers and computer viruses often cause information leakage and loss and paralyze networks, posing a great threat to the vigorous development of the network economy. Network security is receiving more and more attention. Traditional network security technologies such as firewalls, password technology and VPNs usually only shield against external attacks and have no capacity to deal with internal attacks. The intrusion detection system (IDS) has therefore become a technology that urgently needs to be explored.

Intrusion detection is the detection of, and response to, computer misuse. It is the process of identifying attempted intrusions, intrusions in progress and intrusions that have already occurred. It collects and analyzes information from a number of key points in a computer network or computer system, determines whether network or system behavior shows any breach of security policy or signs of attack, and responds at the same time. Relatively speaking, this is a proactive protection technology. An intrusion detection system collects and analyzes information from networks and systems to identify intrusions and abuse of authority; it is a combination of intrusion detection software and hardware. As a security management tool, it collects information from different system resources, analyzes that information for patterns of misuse or abnormal behavior, responds automatically to what it detects, and reports the results. The acquisition and analysis of knowledge is the core of building an intrusion detection system, and also the key point.

A network processor (NP) mainly performs functions related to data transmission and network control. Before processing and forwarding, it extracts the packet header and its subfields for different applications. It analyzes and modifies packets, changing specific fields according to the contents and type of each packet; examples include adding a tag to data in a specific domain for virtual LAN (VLAN) assignment, and Network Address Translation. For high-speed Gigabit networks, a network processor can solve the data-processing bottleneck.

The analysis module of the intrusion detection system is treated as a whole as a fuzzy system, and the intrusion detection process as a comprehensive evaluation of more than one piece of fuzzy evidence. The factors to be detected are first set as fuzzy factors. For each single factor, a decision vector is obtained from its corresponding fuzzy set and the associated decision function, and the decision vectors of the several factors are combined to judge the behavior as a whole. The definition of intrusion given above itself provides an avenue for intrusion detection, and from the perspective of that definition, intrusion is also uncertain. An intrusion is often not an isolated activity but an organic sequence of activities. The earlier stages of an intrusion pose less danger to the target system than the later stages, so while the harm to the target system is still small, the response can be taken later. Therefore, the combination of intrusion detection and fuzzy theory is feasible.

The basic idea of the fuzzy knowledge base is that intruders usually gather information first, then try to obtain access privileges, and afterwards make changes to the system or steal information. The earlier stages of an intrusion cause less harm to the target system than the later stages. Therefore, while the harm to the target system is small, the judgment may be delayed until sufficient evidence has been collected to judge the intrusion, and appropriate measures are then taken. Thus, to a certain extent, integrating more than one piece of ambiguous intrusion-detection evidence into one judgment reduces the uncertainty of the evidence and the possibility of errors and omissions. Building the knowledge base on an NP makes use of precisely its merit of high-speed data handling.

In building the fuzzy knowledge base, one key point is the acquisition of knowledge and another is establishing the rules. Knowledge acquisition is how the knowledge base is established, and the amount of attack knowledge in the repository largely determines the quality of the functions and performance of the whole system. Building a knowledge base is a process of continuous accumulation and amendment; in actual use, experience must be constantly summed up and the knowledge base updated in real time. The rules are written in the Snort rule language, and the fuzzy c-means algorithm is used to establish the fuzzy knowledge base.

The attack knowledge in the completed knowledge base comes from a variety of channels, and as it is used the knowledge needs constant practice and refinement. However, the attack knowledge created and updated in the knowledge base may be inconsistent, incomplete or even contradictory, so the rules of the knowledge base need to be checked. The factors to be considered include redundant rules, contradictory rules, cyclic rules and incompleteness.

Because of the limitations of the simulation environment, the completed knowledge base was tested under LAN conditions. Owing to the limited level of expert knowledge, a high false alarm rate was still observed. However, as the expert knowledge in the knowledge base is continuously updated and enriched, this bottleneck is eliminated automatically and the error rate falls, which shows the correctness of the idea. As network capability improves, capturing data packets in real time will become a major new method of knowledge acquisition. This means that having the NP alone process the data packets is somewhat coarse; ideally, before data packets enter the knowledge base, the NP would carry out an independent audit for the system. It also means that the combination of intrusion detection and Intrusion Frederick with NP is an important trend in the future development of the measurement system...
Keywords/Search Tags: Knowledge