The Research And Realization Of Distributed Network Intrusion Cooperation Detection System Based On Character Matching And Binning

Posted on: 2008-05-20
Degree: Master
Type: Thesis
Country: China
Candidate: J S Wang
GTID: 2178360215963790
Subject: System integration and analysis
Abstract/Summary:
This thesis first reviews the evolution of intrusion detection technologies and analyses current intrusion detection technologies. It sets out its research after analysing the structure of the main commercial distributed intrusion detection systems and some typical distributed intrusion detection system models from domestic and international research.

The thesis studies intrusion detection technology based on clustering, after analysing a number of detection technologies from domestic and international research. KDDCup99 network intrusion detection data is used to experiment with the HCM and FCM described in the literature [101]. Analysis of the experimental results reveals a problem: the judgement used in producing clusters and in judging outliers is only a rough one. To address this problem, the thesis proposes a statistical binning method to produce clusters and judge outliers. HCM based on statistical binning does not need to update the clustering center frequently and is not time-consuming compared with traditional HCM. After analysing the experimental results of HCM based on statistical binning, the thesis then proposes FCM based on statistical binning, which solves some of the problems in HCM based on statistical binning.

As the structure of information network systems becomes increasingly complex and distributed, and as various attack technologies appear, current commercial intrusion detection systems cannot satisfy practical applications. This thesis points out that IDS development needs cooperation, and puts forward the DICDS (Distributed Intrusion Cooperation Detection System) model, which uses data collection cooperation, data analysis cooperation and system response cooperation. The main research of this thesis is to realize the inside-network data analysis cooperation of DICDS.

In the experiment with FCM based on statistical binning, after analysing the misjudged data, this thesis proposes using character matching and FCM based on statistical binning together to cooperatively analyse network connection records. The experimental results show that this cooperation method has a high detection rate and good real-time performance, and can find new intrusions.
Keywords/Search Tags: intrusion detection, distribution, cooperation, clustering, binning