
Research of Intrusion Detection Based on Correlation Techniques

Posted on: 2011-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: M Xiao
Full Text: PDF
GTID: 2178360302988390
Subject: Computer application technology

Abstract/Summary:
With the rapid development of network technology, network security occupies an increasingly important position. Simple, passive and static security and defense policies can no longer meet current requirements, while the dynamic defensive intrusion detection system, as the technology evolves, gradually shows its advantages but also exposes some problems, such as high false alarm and omission rates and unclear context, which seriously affect the performance of intrusion detection systems and their application. To address these shortcomings, we analyze intrusion technology and then propose a system based on causal correlation, in which the correlation of false negatives is improved.

Firstly, this paper introduces the fundamentals of intrusion detection systems, including the basic model, working model, classification, structure and deployment. Secondly, it details correlation analysis techniques, including an in-depth analysis of intrusion technology, probabilistic correlation methods and a brief introduction to data-mining-based correlation methods, the principle of causal correlation, the definitions of prerequisite and consequence, and the architecture of the intrusion detection system. Thirdly, for the problem of missed (false negative) alerts in the causal correlation method, it proposes false negative correlation methods, including the definition of the hyper-alert, the generation of correlation rules and a description of the algorithm.

It then puts forward the design architecture of an intrusion detection system based on causal correlation and its system processes; the system is divided into four modules: alert message preprocessing, aggregation, causal correlation analysis and response. Finally, an improved system model is implemented in VC++, network intrusion incidents are simulated to attack the system, and a large number of laboratory tests are completed; the system's performance is then summarized in all aspects, the problems are analyzed, and a direction for further research is provided.
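The abstract describes an aggregation step, causal correlation of alerts through prerequisites and consequences, the hyper-alert as the unit of correlation, and improved handling of false negatives (alerts a sensor never raised). The following Python is an added example, not code from the thesis: it runs that pipeline over a handful of constructed sensor alerts. The hyper-alert types, predicate names, IP addresses and the one-step bridging rule used to hypothesise a missed alert are all assumptions made for illustration, not the thesis's own rule set or algorithm.

```python
"""
Causal alert correlation in the hyper-alert model: aggregate duplicate sensor
alerts, link each alert to earlier alerts whose consequences satisfy its
prerequisites, and bridge a single missing step so that one missed detection
does not break the reconstructed attack scenario.
Added example; types, predicates and alerts below are constructed.
"""
from dataclasses import dataclass
from itertools import permutations
from typing import Dict, List, Set, Tuple

@dataclass
class HyperAlertType:
    name: str
    prerequisites: Set[str]   # facts an attacker needs before this step
    consequences: Set[str]    # facts that hold if the step succeeds

# Constructed knowledge base (assumption, not the thesis's rules). Predicates carry
# {src}/{dst} placeholders filled from the alert, so a fact produced against
# 10.0.0.5 only satisfies a prerequisite that is required against 10.0.0.5.
TYPES: Dict[str, HyperAlertType] = {t.name: t for t in [
    HyperAlertType("Port_Scan", set(), {"ExistService({dst})"}),
    HyperAlertType("Service_Probe", {"ExistService({dst})"}, {"VulnerableService({dst})"}),
    HyperAlertType("Service_Exploit_Attempt", {"VulnerableService({dst})"}, {"SystemCompromised({dst})"}),
    HyperAlertType("Outbound_Shell", {"SystemCompromised({src})"}, set()),
]}

@dataclass
class HyperAlert:
    type: str
    src: str
    dst: str
    start: int
    end: int
    count: int = 1
    hypothesised: bool = False  # inferred to fill a gap, never reported by a sensor

def facts(templates: Set[str], a: HyperAlert) -> Set[str]:
    """Instantiate predicate templates with the alert's own addresses."""
    return {t.format(src=a.src, dst=a.dst) for t in templates}

def aggregate(raw: List[dict], window: int) -> List[HyperAlert]:
    """Merge raw alerts with the same type/src/dst that arrive within `window`
    seconds of the aggregate's last alert into one hyper-alert with a count."""
    out: List[HyperAlert] = []
    for r in sorted(raw, key=lambda r: r["ts"]):
        for h in out:
            if (h.type, h.src, h.dst) == (r["type"], r["src"], r["dst"]) and r["ts"] - h.end <= window:
                h.end, h.count = r["ts"], h.count + 1
                break
        else:
            out.append(HyperAlert(r["type"], r["src"], r["dst"], r["ts"], r["ts"]))
    return out

def providers(fact: str, before: int, alerts: List[HyperAlert]) -> List[HyperAlert]:
    """Observed alerts ending before `before` whose consequences include `fact`."""
    return [a for a in alerts if a.end < before and fact in facts(TYPES[a.type].consequences, a)]

def correlate(alerts: List[HyperAlert]) -> Tuple[List[Tuple[HyperAlert, HyperAlert]], List[HyperAlert]]:
    """Return (edges, hypothesised). Edge (a, b) means a prepares for b: some
    consequence of a equals a prerequisite of b and a ends before b starts.
    A prerequisite that no observed alert provides yields a hypothesised alert
    when a known type between the same two hosts would produce that fact and the
    type's own prerequisites are met by observed alerts (assumed bridging rule).
    Types with no prerequisites are never hypothesised: there would be no evidence."""
    alerts = sorted(alerts, key=lambda a: a.start)
    edges, hypothesised = [], []
    for b in alerts:
        for fact in facts(TYPES[b.type].prerequisites, b):
            found = providers(fact, b.start, alerts)
            if found:
                edges.extend((a, b) for a in found)
                continue
            for t in TYPES.values():
                for src, dst in permutations((b.src, b.dst)):
                    cand = HyperAlert(t.name, src, dst, 0, b.start, hypothesised=True)
                    if fact not in facts(t.consequences, cand):
                        continue
                    met = [providers(p, b.start, alerts) for p in facts(t.prerequisites, cand)]
                    if t.prerequisites and all(met):
                        cand.start = max(a.end for ps in met for a in ps)  # spans the gap
                        hypothesised.append(cand)
                        edges.extend((a, cand) for ps in met for a in ps)
                        edges.append((cand, b))
    return edges, hypothesised

def describe(edges: List[Tuple[HyperAlert, HyperAlert]]) -> List[str]:
    """Human-readable scenario steps; '?' marks a hypothesised (unobserved) alert."""
    def tag(a: HyperAlert) -> str:
        return f"{a.type}{'?' if a.hypothesised else ''}[x{a.count}] {a.src}->{a.dst}"
    return [f"{tag(a)} => {tag(b)}" for a, b in edges]

# Constructed sensor output: three scan alerts, one probe, then a shell from the
# victim back to the scanner; the exploit step in between was never reported.
RAW = [
    {"ts": 100, "type": "Port_Scan", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": 101, "type": "Port_Scan", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": 102, "type": "Port_Scan", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": 150, "type": "Service_Probe", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": 300, "type": "Outbound_Shell", "src": "10.0.0.5", "dst": "203.0.113.7"},
]

if __name__ == "__main__":
    edges, hyp = correlate(aggregate(RAW, window=10))
    print("\n".join(describe(edges)))
    print(f"{len(hyp)} hypothesised alert(s) filled gaps left by missed detections")
```

Aggregation collapses the three scans into one hyper-alert with a count of three, the probe is linked to the scan through the ExistService fact, and the outbound shell, whose SystemCompromised prerequisite nothing observed provides, is linked through a hypothesised exploit step whose own prerequisite the probe satisfies. The bridge is only one step deep and is reported as a hypothesis, so an analyst can see exactly which part of the scenario rests on inference rather than sensor evidence.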
Keywords/Search Tags: Intrusion detection, Alerts aggregation, Alerts correlation, Causal correlation, False negatives correlation