Research Of The Network Intrusion Detection Model On Rules And Behaviors

With the rapid development and wide application of computer network technology, more and more attention has been paid to network security. How to quickly, accurately and effectively identify the foregone attacks and new attacks, become a serious problem in intrusion detection systems.In this paper, for the problem of the most commonly used intrusion detection systems to face that the high false detection rate and missed detection rate; combined the rules and behaviors detection technology to study, achieved the network intrusion detection system based on the rules and behaviors.The design and implementation about the detection system are discussed especially.In this paper, the main content of research as follows:1. Firstly, the paper analyzes the existing problems about the intrusion detection products. Building the rule detector by protocol analysis technology, and use the genetic neural network technology to build the behavior detector.2. According to CIDF norms, design a intrusion detection model structure based on rule and behavior; and given the design program of each module. The design ideas about the rule and behavior detectors in the data analysis module are introducesd detailedly. In the rules detector, using high degree regularity of protocol to build protocot tree, decode protocol and design the protocol analysis process; then giving the basic steps of protocol analysis detector. In the behavior detector, combination genetic algorithm and neural network, complete the step's design of genetic neural network, and gives the method for determining the core parameters.3. According to the design scheme about the intrusion detection model was proposed in this paper, combining the realization of principles about each module, completeing the development about the intrusion detection system based on rules and behaviors. Focus to introduce the modules of data collection and data analysis. In the data collection module, this paper defines the core data structures and functions of data capture mechanismbased on Winpcap function.In the data analysis module. First, for the different invasion affair in each Layer protocol, giving the specific detecting process. Then, give the realization process of the behavior detector. Finally, complete the combination of two technologies, and use of a technology alone to make the comparison test. The test results show, this paper achieves the intended goal of this subject, effectively reduce rate of false detection and the missed detection in the intrusion detection system.