| Invasion detection is an important part in information safety protection system, which is mainly done by collecting information from many key points in the net and then analyzing and judging the information to make the real-in-time monitor in order to make sure of the safety of the computer net resources. In view of the present problems in IDS, such as, poor expansion and self-compatibility, hard to detect the unknown attack, lower examination rate and higher mistaken reports, etc, some researching on invasion detection technology at the angle of improving the examination strategy and the examination rate is made in the dissertation.Considered that most of the invasion detection at present only adopt the technology of misusing detection, little products adopt the unusual detection, an invasion detection model that has mixed the two detection technologies is introduced in the dissertation, and is proven the rationality and validity of the model.On the strategy of misusing detection, the technology based on sequence model analysis is adopted. The author emphasizes on the elaboration of the match, comparing and the judgment of the intrusion result, and analyze the examination data to show that the strategy can detect more effectively the attack of application layer R2L and R2R.On the unusual detection strategy the technology based on cluster analysis is adopted. Because the original calculation method of K-means needs to input the number of cluster in advance, and the different number of clusters has important influence to the cluster effect, an improved cluster method of K-means to solve the problem of the original one is presented. Using the improved cluster method, it is not necessary to give the number of the clusters in advance and easy to get the best number of clusters. Moreover, the improved method can get better cluster effect by selecting the initial best cluster center and spatial cluster. |
PDF Full Text Request