
The Research And Application Of Plan Recognition In Intrusion Detection System

Posted on: 2011-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: W Liang
Full Text: PDF
GTID: 2178360308457235
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of networks and the information era, information security problems have become increasingly prominent, and intrusion detection technology, as the next-generation security technology following traditional security protection measures, has become one of the main technologies and a hot research area in network security. However, the main function of most current intrusion detection systems is to discover intrusions and raise an alarm; they lack intelligence and early-warning capabilities. In this paper, plan recognition technology from artificial intelligence is applied to the intrusion detection system: attack plans are established from intrusion sequences, and on that basis the intruder's intention is identified, which helps to improve the intelligence of the intrusion detection system. This paper describes intrusion detection technology and plan recognition technology, and focuses on analyzing the architecture, workflow and plug-in mechanism of the Snort network intrusion detection system. On this basis, it presents a model of a Snort intrusion detection system based on plan recognition and describes the model's design idea, system architecture and workflow. The concrete implementations of the two modules added in the system model, the alert correlation analysis module and the plan recognition module, are then each described in detail. The alert correlation analysis module pre-processes, merges and aggregates the alert log data generated by Snort into high-level alert information, and then, through alert correlation analysis, associates these alerts with intrusion plans, thereby establishing the intention plan. The plan recognition module builds a Bayesian network inference model and uses it to identify the intention of unknown attacks, in order to obtain the attacker's ultimate intrusion intention.
Keywords/Search Tags:Intrusion Detection, Snort, Plan Recognition, Alert Correlation Analysis, Bayesian Network