
Research And Application On Hierarchical Intrusion Detection Technologies In Intrusion Protection

Posted on: 2009-07-02
Degree: Master
Type: Thesis
Country: China
Candidate: X L Liu
Full Text: PDF
GTID: 2178360242976760
Subject: Computer application technology
Abstract/Summary:
With the rapid improvement of network bandwidth, new intrusion behaviors emerge endlessly in computer networks. Intrusion attacks such as internet worms disrupt the regular running of personal computers and servers, and even affect the normal operation of basic network equipment. How to protect network security from intrusion attacks is one of the most important research topics in network security.

The major studies are as follows:

First, we analyze the relevant network security technologies (intrusion detection and response technologies), and then design the architecture of the self-defending network system prototype. By studying the characteristics of intrusion detection technology, a hierarchical intrusion detection model is designed to solve the problems of high false positive probability and poor real-time performance in traditional IDS. The model combines traffic anomaly detection and payload anomaly detection with misuse detection methods. In the study of the traffic anomaly detection method, an improved K-means clustering algorithm is presented and an experiment is done to test the algorithm. In the study of the payload anomaly detection method, the payload distribution of network packets is analyzed and a normal profile is constructed to detect intrusions; the effectiveness of the proposed approach is then verified by the experimental results. In the analysis of combining anomaly detection and misuse detection, a model framework is proposed to improve detection accuracy.

Finally, response policies are presented. When intrusion attacks are found, automatic network reconfiguration is used to prevent the attacks and to isolate the source of attack or infection. An alerting method based on TCP session hijacking is presented to inform isolated users.
Keywords/Search Tags:network security, self-defending network, intrusion detection, anomaly detection, TCP Session Hijack