
Research Of Intrusion Analysis Technique In Intrusion Detection System

Posted on: 2008-11-22
Degree: Master
Type: Thesis
Country: China
Candidate: H Dai
Full Text: PDF
GTID: 2178360215987233
Subject: Computer application technology
Abstract/Summary:
Intrusion detection systems (IDS) are a newer safeguard for system security that followed traditional techniques such as firewalls and message encryption. In the past few years, with the development of commercial IDS products, IDS have become more and more widespread. But the complicated Internet environment and the endless stream of emerging intrusion techniques pose an unlimited challenge to IDS; as a result, current IDS universally have high rates of false negatives and false positives, and their real-time detection also lags greatly in practical use. At the same time, the function of IDS has been strengthened and generalized; the concepts of the Intrusion Protection System (IPS) and the Intrusion Management System (IMS) have been brought forward and have become the new trend in IDS development. As an important security technique, many aspects of IDS, especially intrusion analysis techniques, need in-depth research.

This paper analyzes the characteristics and weak points of traditional intrusion analysis techniques, with emphasis on the signature-based analysis technique that is widely used in commercial IDS products. To address the real-time processing limits of this technique, this paper proposes a new multi-pattern parallel matching algorithm based on the pattern tree. The algorithm is effective and simple, and can also be run as parallel matching. Analysis shows that the new algorithm has a long moving step and effectively reduces the actual matching scale and the consumption of time and system resources, and therefore improves the searching speed. In addition, intelligent methods are widely used in intrusion analysis and have become a new hotspot in IDS. In this paper we propose an intrusion analysis model based on fuzzy diagnosis reasoning, which draws on the fuzzy nature of intrusion behavior and the specific way Chinese medicine diagnoses diseases. It bases its analysis on the system state and uses active ECA rules to monitor changes in system function. By using a designated fuzzy diagnosis reasoning method combined with the abnormal state of the system, it can effectively detect an intrusion and the possibility of its type. The model favors strengthening the activeness of response and the defensive performance of IDS.
Keywords/Search Tags: Intrusion Detection, Multi-Pattern Matching, Parallel, ECA-Rule, Fuzzy Diagnosis Reasoning