
Research Of Intrusion Detection System Based On Network Behavior Analysis

Posted on: 2008-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: L J Huang
GTID: 2178360215960788
Subject: Detection Technology and Automation

Abstract/Summary:
Intrusion detection is a valuable complement to firewalls and encryption. An intrusion detection system (IDS) can detect an attack before it causes any damage, and can use its alerting and protection mechanisms to expel the intruder, which reduces the loss caused by the intrusion. After an intrusion, related information can be collected and kept in a knowledge library as protection-system knowledge, so that the same kind of intrusion does not happen again. However, as networks keep expanding and intrusion methods keep changing, IDS faces many challenges. These include how to increase detection speed to keep up with growing bandwidth, and how to reduce false positives and false negatives to improve detection accuracy.

The purposes of this research are: (1) to analyze thoroughly the advantages and limitations of pattern matching and protocol analysis, which are commonly used in present IDS; (2) to analyze the characteristics of network services and the way network services are provided, so as to improve detection efficiency; (3) to design a service-oriented IDS based on network behavior analysis, which reduces the amount of computation and improves the efficiency of the IDS.

The main work and contributions of this paper are as follows.

Firstly, this paper reviews the existing literature on intrusion detection systems, introduces the basic concepts, history, present technology and the state of research and development, points out the shortcomings and challenges of present IDS, and describes the requirements for the next generation of IDS.

Secondly, through network behavior analysis, each data packet is decoded into cell terms, one per field, and the network behavior and behavior object are extracted from the cell terms. Through further analysis of the network behavior terms, the degree of danger of a behavior can be estimated, and attacks can also be detected by comparing network behavior statistics against a threshold. This way of detecting intrusions uses only a few specific cell data items in the packet, so the amount of pattern matching is greatly reduced.

Thirdly, by combining network behavior analysis with the characteristics of network services, the behavior objects extracted from the packets are analyzed so that the large volume of usual packets is filtered out and only unusual packets are delivered to the intrusion detection engine.

Finally, the performance of the IDS based on network behavior analysis is analyzed and compared with that of traditional intrusion detection systems. The results indicate that the detection efficiency of the IDS is greatly improved.
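An added illustration of the pipeline the abstract describes (not code from the thesis): packets are decoded into per-field cell terms, the behavior and behavior object are extracted, packets matching the service's normal profile are filtered out, and the remainder are forwarded and counted per source against a threshold. The HTTP-only decoding, the SERVICE_PROFILE table, the THRESHOLD value and the sample traffic are assumptions constructed for this example.

```python
from collections import Counter

# Hypothetical profile: behaviors and objects each service normally provides.
SERVICE_PROFILE = {
    80: {"behaviors": {"GET", "HEAD"},
         "objects": {"/", "/index.html", "/news.html"}},
}
THRESHOLD = 3  # assumed: unusual behaviors per source before a statistical alert


def decode(packet):
    """Decode a (src, dport, payload) packet into cell terms, one per field."""
    src, dport, payload = packet
    request_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    behavior = parts[0]                          # e.g. GET, POST
    obj = parts[1] if len(parts) > 1 else ""     # requested resource
    return {"src": src, "dport": dport, "behavior": behavior, "object": obj}


def is_usual(cell):
    """True when behavior and object both fit the destination service's profile."""
    profile = SERVICE_PROFILE.get(cell["dport"])
    return (profile is not None
            and cell["behavior"] in profile["behaviors"]
            and cell["object"] in profile["objects"])


def analyze(packets):
    """Return (cells forwarded to the detection engine, sources over THRESHOLD)."""
    forwarded, unusual_per_src = [], Counter()
    for packet in packets:
        cell = decode(packet)
        if is_usual(cell):
            continue                             # usual traffic is filtered out
        unusual_per_src[cell["src"]] += 1
        forwarded.append(cell)                   # only these reach pattern matching
    alerts = sorted(s for s, n in unusual_per_src.items() if n >= THRESHOLD)
    return forwarded, alerts


# Constructed sample traffic (documentation address ranges, not real captures).
SAMPLE = [
    ("192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("192.0.2.10", 80, b"GET /news.html HTTP/1.0\r\n\r\n"),
    ("192.0.2.11", 80, b"HEAD / HTTP/1.0\r\n\r\n"),
    ("198.51.100.7", 80, b"GET /admin.php HTTP/1.0\r\n\r\n"),
    ("198.51.100.7", 80, b"POST /index.html HTTP/1.0\r\n\r\n"),
    ("198.51.100.7", 80, b"GET /backup.zip HTTP/1.0\r\n\r\n"),
    ("192.0.2.11", 8080, b"GET / HTTP/1.0\r\n\r\n"),  # port with no known profile
]

if __name__ == "__main__":
    cells, alerts = analyze(SAMPLE)
    print(f"{len(cells)} of {len(SAMPLE)} packets forwarded; alerts: {alerts}")
```

A packet sent to a port with no profile is treated as unusual and forwarded, so an unknown service is never silently filtered.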
Keywords/Search Tags: network security, intrusion detection system, network behavior analysis, behavior object analysis