
Study On Intelligent Intrusion Detection System Based On Fuzzy Estimation

Posted on: 2007-08-26
Degree: Master
Type: Thesis
Country: China
Candidate: G Y Zhang
Full Text: PDF
GTID: 2178360212968043
Subject: Computer application technology

Abstract/Summary:
The development of computer network technology has brought great convenience to people's lives. However, the open and shared nature of networks makes them easy to attack and damage. In recent years, intrusions aimed at computers and their basic equipment have emerged in an endless stream. To protect the safety of computers and networks, people have begun to study network security protection technology. The intrusion detection system is a new security assurance technology that follows traditional protection methods such as firewalls and data encryption.

According to statistics, ninety-five percent of the national intrusion detection products are currently based on characteristic detection. Characteristic-based intrusion detection systems have a very high false alarm rate or missed alarm rate, and they have other disadvantages as well, such as failing to detect unknown attacks and requiring attack patterns to be obtained manually. To make up for the defects of characteristic-based intrusion detection systems, computer experts have done much research into techniques such as ANN, artificial immunity and data mining. But these techniques suffer from the "sharp boundary" problem to a greater or lesser degree, and they cannot respond to intrusions actively and flexibly. Moreover, these techniques are mostly used in the laboratory, and there are very few mature systems so far.

This dissertation studies an intelligent intrusion detection technique based on fuzzy theory. Fuzzy theory uses a number between 0 and 1 to express the degree to which an element belongs to a set. It overcomes the limitation of the traditional 0/1 division mechanism and accords much more closely with human reasoning. Based on research into this technique, we implemented the intrusion detection system PIDS in the C language. This system detects intrusions by combining Fuzzy Complex Judge with fuzzy port scanning, and its data sources include both host logs and network data packets. The system can find unknown attacks, and at the same time it responds actively to detected intrusions by calling the netfilter/iptables subsystem in the Linux kernel.
Keywords/Search Tags: Internet security, Intrusion detection, Fuzzy estimation, Port scan