Research And Application Of Network Intrusion Detection Technology

Posted on: 2011-05-11, Degree: Master, Type: Thesis
Country: China, Candidate: L L Xiao, Full Text: PDF
GTID: 2178360305993648, Subject: Computer Science and Technology
Abstract/Summary:
The theory of intrusion detection has matured after many years of study by scholars, and many intrusion detection systems are deployed in parts of the world. However, as network topologies grow more complex, attack methods evolve and network capacity increases, intrusion detection systems face an increasingly threatening environment. An ideal intrusion detection system must achieve a high detection rate and a low false alarm rate at the same time, in addition to high performance.

This paper summarizes the state of research in the intrusion detection domain and analyzes its advantages and disadvantages. The author then presents methods for using some classical techniques to obtain more ideal results.

Firstly, in modern networks an intrusion detection system must have not only a high detection rate and a low false alarm rate but also good performance. An ensemble learning-based algorithm is presented to meet this goal; it has low computational complexity, a high detection rate and a low false alarm rate.

Secondly, unlabeled intrusion detection techniques may produce a relatively high false alarm rate. A method using modular ensemble is presented, in which the sample space is divided into several subspaces, so that a general problem is reduced to several more concrete sub-problems; different classifiers are then used to detect samples in different subspaces. The experimental results show that a better result can be obtained.

Finally, because the alarms provided by an intrusion detection system are relatively low-level and isolated, it is hard for the site security officer to understand the attackers' intentions and the severity of an attack. A method is presented to generate high-level information that helps the site security officer understand attack scenarios.
Keywords/Search Tags: Intrusion Detection, Ensemble Learning, Modular Ensemble, Alert Correlation