
Research And Implementation Of Anomaly-based Intrusion Detection System

Posted on: 2008-12-11  Degree: Master  Type: Thesis
Country: China  Candidate: X R Wei  Full Text: PDF
GTID: 2178360272467224  Subject: Computer system architecture
Abstract/Summary:
An intrusion detection system is an essential component of network security. It provides dynamic protection for the network and greatly enhances its security. With the constant development of network technology and growth in network size, attacks against networks are increasingly widespread, intense, and complex. An intrusion detection system therefore needs greater processing capacity and higher attack-detection accuracy. The anomaly-based intrusion detection system is based on CIDF and has a modular design. CIDF enables interoperation among intrusion detection and response components; it is widely applicable and highly flexible. The anomaly-based intrusion detection system is implemented in the netfilter framework of the Linux kernel, which distinguishes it from traditional intrusion detection systems that run in user space. The system collects and processes data packets in kernel space and does not need to move them from kernel space to user space, which avoids packet copying. It therefore uses fewer system resources and has greater processing capacity. The anomaly-based intrusion detection system uses a statistics-based covariance analysis model. Because it uses some multivariate network features as the basis for study and judgment, it describes anomalies in network data flows precisely, so the model can improve attack-detection accuracy. Moreover, because the model does not need data accumulation or model training, it offers good real-time performance and generality. Functional testing and analysis in a real network environment show that the system has greater processing capacity and higher attack-detection accuracy, meeting the design goals.
Keywords/Search Tags:Intrusion Detection System, anomaly detection, Common Intrusion Detection Framework, Covariance Analysis Model