HMM Network Intrusion Detection System Research Based On Protocol

With the rapid development of the network technology and more and more site intruded by hackers, the security of network draws more and more attention of people. At present, there are many static defensive technologies, such as, firewall, access control, data encryption, but all of these technologies cannot totally assure the security of network and resist the attack of hacker. The Intrusion Detection System (IDS) is a new security technology; apart from tradition security protect technology. IDS watch the computer and network traffic for intrusive and suspicious activities. They not only detect the intrusion from the extranet hacker, but also the intranet users.In the same time, this filed also faces many challenges: How to raise detection speed of Intrusion Detection System to adapt the requirement of the network communication; how to reduce false-positive rates and false-negative rates of IDS to improve its safety and accurate degree; and how to enhance alternation capability to raise the security performance of the whole system.From the current situation of network security, this thesis first discusses some technology of network security, and proposes intrusion detection system. Then it introduces the developing history, definition, architecture and usually used detection system types, and on this foundation, puts forward an Hidden Markov Model network intrusion detection system based on protocol.The Hidden Markov Model has many excellent features, for instance its mature algorithm, high efficiency, easy training. Thus it has extensive application in a lot of fields, such as phonetic recognition. At present, the data resource of anomaly intrusion detection based on Hidden Markov Model stem from the host computer (for example, system call). The system has obtained the good experimental result. It is rare in network intrusion detection field owing to greatness and variety of network flux, and perimeters of HMM. Therefore, we use HMM in the network intrusion detection, which could reduce the false -positive increase the detection rate. In addition, HMM training model can adjust parameter, and is able to automatic training.After confirming reasonable observation value of Hidden Markov Model, this thesis put forward a Hidden Markov Model network intrusion detection system based on protocol. Except for data collection module, intrusion detection engine module and responding module that an intrusion detection system commonly has, the system also has preprocessor module, protocol analysis module. In the implement of the detection engine, the combination of anomaly detection technology and pattern match technology is used to redetection, which cans valid monish matching scope of object, and raise speed of detection.Experiments show that the IDS is effective in reducing false positive rates, false negative rates better and it can be improved in detection rates to detect unknown attack. All above improve the system performance.