
Research Of Network Intrusion Detection System Based On Hybrid Intrusion Detection Technique

Posted on: 2010-06-18
Degree: Master
Type: Thesis
Country: China
Candidate: C R Yin
GTID: 2178360275977559
Subject: Computer application technology

Abstract/Summary:
With the popularity of computer networks, information security has become one of the toughest problems worldwide. Traditional security technologies such as safety certification, authorization, access control, and encryption cannot prevent illegal intrusions that exploit defects in the software and hardware of computer systems. Current firewalls do little to isolate attacks that target design flaws in procedures or that make use of channel encryption. The Intrusion Detection System (IDS) is an important dynamic security protection technique and an important research domain in computer science and technology.

Intrusion detection has become a strong barrier against network intrusion because of its active recovery strategy, which focuses on data analysis. As an active information assurance measure, intrusion detection is an effective complement to traditional protection techniques. Data mining, an effective data analysis technique, applies naturally to intrusion detection.

The advantage of network-based anomaly detection is that it can detect new attacks and its detection rate is high. Its disadvantage is a high false positive alarm rate: real attacks are buried among many false alarms, and the IDS loses its function. The advantage of network-based misuse detection is its low false positive alarm rate. Its disadvantage is that it cannot detect new attacks, so the IDS loses its function when an attacker uses new means against the target system.

This thesis summarizes the advantages and disadvantages of anomaly detection and misuse detection, combines their advantages while overcoming their shortcomings, and proposes a network intrusion detection system model based on a hybrid intrusion detection technique. The results of anomaly detection and misuse detection are not always the same for a given action. The tracking algorithm in the thesis effectively solves the problem that the results of anomaly detection and misuse detection are not entirely the same. In the model, the normal behavior profiles and intrusion rules are established through pattern mining, and the anomaly detection engine and misuse detection engine are realized through pattern matching. According to the analysis and comparison of the experimental results, the model in this thesis performs better than a model based on a single intrusion detection technology.
Keywords/Search Tags: Hybrid Detection, Tracking, Pattern Mining, Pattern Matching