
Key Technologies Research And Practice On Network Intrusion Detection System

Posted on: 2011-11-30 | Degree: Master | Type: Thesis
Country: China | Candidate: D L Gong | Full Text: PDF
GTID: 2198330335989819 | Subject: Software engineering

Abstract/Summary:
With the development of the Internet, network security incidents have been occurring more and more frequently, and network security has become an increasing concern. Various types of security systems have been developed and deployed on the Internet, but the network security situation has not significantly improved. After analyzing current network intrusion detection technology, this article studies in depth the detection methods for distributed denial of service (DDoS) attacks, pattern matching, and massive redundant alert events.

Our system detects distributed denial of service attacks from statistical information in packet headers, then detects other attacks by processing packet content, and produces alarms by fusing the alert events. First, each packet is separated into its header and its content. The packet headers are then analyzed according to the packet header statistical model: we obtain the set of packet headers with the same addresses and the power sets, from which the correlation coefficients are obtained. Based on the correlation coefficients we can identify a DDoS attack within a certain time interval.

This article performs pattern matching on the content of packets. Because matching packet content byte by byte wastes a lot of resources and takes more time, we employ the idea of the Negative Pattern (NP), which can save a lot of time and cost. According to the segmented NPs of the packet flow found in the packet content, our system can decrease the false alarm rate and reduce the number of matches.

Finally, this article analyzes the main problem of security data fusion technology and proposes a security data model. The model includes two fusion techniques, namely pattern detection fusion and anomaly detection fusion. Pattern detection fusion processes information containing redundant data based on dissimilarity. Anomaly detection fusion is based on D-S evidence theory. Anomalies in the network information are collected and quantified, and are then recognized by the fusion model. At last, we test our methods in a network environment, and the results show that our methods can help a network security system increase the detection rate and reduce the false alarm rate.
Keywords/Search Tags:distributed denial of service attack, statistical model, correlation coefficient, pattern match, Negative Pattern