A Kind Of Technique For Detection And Control Of Anomaly Network Data Flows

Posted on: 2008-10-08
Degree: Master
Type: Thesis
Country: China
Candidate: R G Sheng
Full Text: PDF
GTID: 2178360245497944
Subject: Computer Science and Technology
Abstract/Summary:
With the development of the Internet, network security has become a growing concern. As an important defense method, intrusion detection is receiving more and more attention from scholars and engineers.

Intrusion detection techniques can be divided into signature-based detection and anomaly-based detection. Signature-based detection requires the signatures of known intrusions to be entered into a dedicated database, and detection is performed against the information in that database. Signature-based detection is precise, but it cannot detect new intrusions for which it has no information. Anomaly-based detection can detect attacks that have never been seen before and have no signatures. Anomaly-based detection has therefore become a main theme in intrusion detection.

The construction of the normal user profile is the critical problem in anomaly-based detection. Researchers have used many different methods to construct normal user profiles. In this thesis we use a clustering algorithm based on the M-tree data structure to construct the normal user profile, and detection on data streams is performed by a tree search algorithm. Finally, an experiment demonstrates the efficiency of the detection method.

After anomalous data flows are detected, the next problem is how to control them effectively and prevent network congestion. Router queue management is an effective method of controlling anomalous data flows. When the network is busy, the router can prevent congestion through active dropping. However, queue management can do little against bursts of high-bandwidth data streams. In this thesis we use new router queue management algorithms that can effectively punish malicious data flows and protect normal data flows. An experiment shows that the new algorithms perform better than several classic queue management algorithms.
Keywords/Search Tags: Anomaly-based detection, M-tree, Cluster, Queue management