| With the development of the Internet, the rich resources on Internet bring users much convenience as well as problems of security at the same time. The increasing requirements of network safety promote the development of the network security technology continually. Intrusion detection technology is an active defense technology. By operating the information coming from networks, such as performances, security logs, audit data and other attainable information, intrusion detection system can detect some intrusions or intrusion attempts and take corresponding measures against intrusions. This kind of technology has its own strongpoint. It makes up the disadvantages of the traditional security technology. It supplements and improves the traditional firewall in many respects. However, its natural shortcomings restrict its performance in the practical application. The combination of the technology is one of the most effective ways to improve the capability of the intrusion detection system. It has important theoretical and practical significance for the research on intrusion detection technology and the future development.This paper starts with some elemental conceptions. It analyzes the current methods, the universal model and the classification in intrusion detection system. And these methods have their deficiencies while solving the problems. It makes IDS cannot meet the needs of real-time, adaptability, accuracy, self-learning ability and so on. Then, this paper also analyses the characteristics of neural network and pattern matching. The neural network is fit to detect the intrusion based on the statistical feature of network flux, while the pattern matching detects the intrusion by searching specific character strings in the data packets. By the way that the feature exists, network intrusion can be divided into two categories. The first kind of intrusion actions'feature is mainly represented by the duration of the connection and the feature of the network flow. The second kind of feature hides in the data segments of the IP packets. They are mainly operating commands of system service. As the corresponding service programs execute the commands, they trigger intrusion action. Because the feature of these intrusions is similar to the normal network flow and connectivity status, it is difficult to differentiate them effectively by analyzing the statistical information.Combining the analysis of invading features, we can see neural network and pattern matching techniques are complementary in function. Therefore, we bring forward a system based on the technology of neural network and pattern matching. To improve the detecting capacity of neural network and pattern matching, we carry out corresponding optimizations based on traditional BP algorithm and BM algorithm respectively. As a result, it expresses the superiority of this intrusion detection system. In addition, combining the actual situation of application, we design two modes, parallel and inclusive modes, which meet the different requirements of the speed or detection precision. They improve the performance and application scope of the system.The system can detect known intrusion and unknown intrusion at the same time. The intrusion detection system combined two technologies has more comprehensive detecting capacity. |
PDF Full Text Request