
The Application And Research Of IDS Model Based On Multi-technique Fusion

Posted on: 2008-11-18 | Degree: Master | Type: Thesis
Country: China | Candidate: D L Wang
GTID: 2178360218963587 | Subject: Computer application technology
Abstract/Summary:
As networks develop, security becomes more important. Some researchers are paying more attention to active defense, whose core is the Intrusion Detection System, rather than passive defense, whose core is the firewall. The key technologies of intrusion detection, misuse detection and anomaly detection, are very important for network security. Existing Intrusion Detection Systems have shortcomings such as a high false alarm rate and insufficient learning and self-adaptive ability. Studying flexible mixed models that combine the two technologies with techniques from other domains has become a hot topic in network security.

In this thesis, we analyze the architecture and mechanism of the Intrusion Detection System, in particular the advantages and drawbacks of the two technologies. On that basis, this thesis proposes an IDS model based on multi-technique fusion of misuse detection and anomaly detection, which can overcome their drawbacks and build on their advantages to detect known viruses and, especially, unknown viruses with hacker characteristics. The thesis uses an SVM and an expert system to construct a new flexible mixed model that can learn and update its rules automatically. In addition, the mixed model uses a Memory Tree model to store its rules; this storage method can optimize detection performance and raise detection efficiency.

Test results based on a host IDS indicate that the multi-technique fusion model combining the two technologies can ensure a higher detection rate and a lower false alarm rate. In addition, if net-IDS and host-IDS could be combined, detection efficiency would be raised more effectively.
Keywords/Search Tags:Intrusion Detection System, Support Vector Machine, Expert System, Misuse Detection, Anomaly Detection