| Along with the development of Information Technology, especially applications of Internet and Internet, an convenience and prompt information spread platform , which was formed by sharing and exchanging information through open network, provided advantaged condition for computers' prevalence. At the same time, those brought flinty challenge for information security, so all kinds of defense systems appeared, such as encrypting techniques, firewall etc. Using these technology protected the net and the host computer through packet filter or finding the unnormal action in the Internet.Malicious code especially worms take new challenges to the network security because of its latent, auto spread, active attack. It is a curcial to generate the signatures in the host based intrusion detection and in the network based intrusion, or in the anomaly Detection and misuse Detection. In particular, polymorphic worms, as well as metamorphic worms makes it difficult to extract signatures because of the code confusion.In this paper , intrusion detection is classed according to different classification methods, and the advantage and disadvatange is displayed. The worm structure, scan method and the spread model is summarized. A new signature generation method using protocol analysis is introduce. This method not only generate signature but also pricise filter which vulnerability it uses. At last, the automate protocol analysis is given because the protocol analysis is used. |
PDF Full Text Request