The Research And Design On Detection Engine In Network Intrusion Detection System

Posted on: 2007-07-31
Degree: Master
Type: Thesis
Country: China
Candidate: X Liao
GTID: 2178360242961890
Subject: Computer application technology

Abstract/Summary:
With the rapid development of computer networks, security is becoming more and more important. Intrusion detection, as a new generation of computer security technique, is a helpful reinforcement for firewalls, virus detection, etc. The detection engine is the core of an IDS, and its performance directly determines the quality of the IDS.

Generally speaking, a detection engine's methods can be divided into misuse detection and anomaly detection. Misuse detection is highly efficient, but it can only discover known attacks described by its rules, whereas anomaly detection can discover unknown attacks.

In the misuse detection module, the BM algorithm is a great improvement over the simple matching algorithm, but the rapid growth of large network flows calls for faster detection algorithms. Based on an analysis of the commonly used BM algorithm, a more applicable BM algorithm can be designed, and this improved BM algorithm can improve the efficiency of the IDS. At the same time, applying known protocol analysis to pattern matching can reduce the amount of matching and enhance detection efficiency.

In the anomaly detection module, following a classical statistical model, the IDS makes full use of statistical information to detect whether the current network flow is anomalous, indicating unknown attacks. To make anomaly detection more accurate, the IDS can adopt a traffic update policy based on a sliding window.

Because the IDS itself can be attacked, an optimized alert algorithm can decrease the occurrence of abusive alerts, improve the rationality of alerts, and make the IDS itself more secure.

Finally, taking all of this together, a detection engine based on pattern matching, network flow statistics, optimized alerting, etc. can be put forward, which provides an approach and ideas for the detection engine of an IDS.
Keywords/Search Tags:Intrusion Detection, Pattern Matching, Protocol Analysis, Network Flow, Alert Filter