Research And Design Of Intrusion Detection And Defence System

With the rapid development of the computer network, the application of network technology is increasingly popularizing. Internet has gradually become an essential part of modern society. However as hacker attack and network virus emerge in endlessly, the problem of network security has become very serious. In the world, the issue about network security is thought much than ever.The traditional security technology such as firewall cannot satisfy sufficiently the security requirements of the computer networks. The application of intrusion detection technology to the computer networks has become an urgent demand to strengthen their security systems. It is proven by fact that single product can't satisfy with the requirement of security, so amalgamation cooperation and unified management of product is the main developable direction of network security. Aiming at the implementation of a real-time detection and dynamical defense security system, this thesis focuses on the technique of intrusion detection and decision-making about defense. The research work and the contribution can be summarized in the following aspects:1) Analyzing the characteristic of main network security models, emphasized expatiating the state of intrusion detection and event response technique, and from the point of dynamical defense explaining the critical problem in intrusion detection system.2) Developing the adaptive intrusion and defense system models (AID&DS). By analyzing the architecture of model, the thesis explains that the AID&DS model is platform independent, adaptive, extensive, supporting multilayer data analysis and dynamical decision-making about defense etc.3) Researching the process anomaly detection method based on neural network and providing a method using the forecast function of multi-level perception and anomaly area estimating to detect system anomaly. Importing a misuse detection method based on snort to AID&DS model, which proves that the model is extensive and good to integrate other mature network security software.4) Researching the overall event analysis method in distributed environment. Providing an overall event analysis technique based on improved association algorithm and sequence algorithm.5) Researching decision-making plan about defense to resist complex attacker form, providing a method using finite-state automata to analyze the dangerous coefficient of associated attack sequence.It is proven that the providing system is adaptive and open in architecture, at the same time it has function such as intrusion detection and decision-making about defense. The research of project can make for the complete and solid development of information security technique or product. And it is also significant to information security defense.