The Research And Implementation Of Intelligentized Intrusion Detection System

Intrusion detection is a highlighted topic of network security research in recent years. Computer criminal is becoming more and more dangerous nowdays, which poses urgent demands on the performance of intrusion detection system. The big shortcoming of current intrusion detection system is unable to detect new type of attacks quickly and exactly. Intrusion detection system has so similar function with immune systems that it could provide a naive template for research and development network intrusion detection system. Immune systems have many features such as multiple layers , distributability,diversity,uniqueness , dynamic defensive,adaptability,association memory and so on. The immune-based intrusion detection system tries to apply these features to improve detection performance and to increase system robust ability and adaptability.Moreover, Intrusion detection system at present moreover greatly part of all concentrated in the aspects of raising an detection rate,lower a misinformation rate and speeding detection speed. The intrusion respond modle still exists to need the problem for resolve. Intrusion respond model carrys on respond to these attack affairses singlely,don't have function of calculate,belongs to a kind of after the event ground to respond to an activity. Don't considerate the analytical misinformation and the circumstance for fail to report of the engine existence. For choiceness but have organization of the distribute type attack lack to unify to be in conjunction with defense,can't carry out the system defense of many systems. Therefore, it is bound to analyze intrusion response model, making it do every moment to respond to differently, reduced artificial, carry out ability from the adaptability and dynamics.The work of this paper concentrates on analyzing current latest of immune-based intrusion detection system , and carrys on an improvement on it.With analyzing biology theories of the thymus and the somatic hypermutation ,we have applied them to the control process of the detection process of the detector and the life cycle of the detector respectively. The imitation reality experiment explains: This kind of new method that immune-based intrusion detection system compares the traditional dynamic one has better adaptability.Finally,we implemented an dynamic distributed intrusion detect system based on immunity,at the same time,introduced particularly each modules. And then,at the foundation of the practice running result, we analyzed and summarized the advantage and weakness of the system based on immunity. On the other hand,through analyzing the existence questions of current intrusion response system,this paper proposes a intrusion response model based on workflows,scheduling problem and J2EE framework. This model filtrates alarm before response, at the same time,it can also predict the coming attacks on-line and make the corresponding response measures .At last,through experimenting analysis,the intrusion response systems can forwardly take measures to hold back continuing intrusion, minimize the loss of the system and protect the suffering systems after the intrusion happened. In addition,through describing of the Petri Net expanded, Petri Net may construct better model for managing model of workflow .In the last chapter,the discussion of the proposed model is given,and the expected future work is described.