
An Intrusion Detection System Meeting the CIDF Standard

Posted on: 2003-05-21
Degree: Master
Type: Thesis
Country: China
Candidate: X F Li
Full Text: PDF
GTID: 2208360062950018
Subject: Computer applications
Abstract/Summary:
With the explosive growth of networks, improving the security of networks and hosts has become more and more important. Since James P. Anderson introduced the concept of intrusion detection in his report "Computer Security Threat Monitoring and Surveillance", IDS techniques have advanced markedly, and a large number of IDSs have been developed, such as IDES, NMS, NIDES and DIDS. Despite this evolution, IDSs remain far less mature than other security components such as firewalls. The essential weakness of current IDSs is the lack of standards for integrating their components into a flexible intrusion detection system. To allow IDS components to be integrated and to share information, the CIDF working group published the CIDF specification in 1998.

Our IDS is strictly based on the CIDF specification. It consists of four discrete components that communicate by message passing. Event generators (E-boxes) produce intrusion events. Event analyzers (A-boxes) analyze events to detect intrusions by misuse detection and anomaly detection. Event databases (D-boxes) store raw events and analysis results. Response units (R-boxes) carry out particular actions to protect the system from damage. These four kinds of components exchange data in the form of GIDOs (generalized intrusion detection objects) expressed in the standard common format CISL (Common Intrusion Specification Language).

The event analysis component is the core of our IDS. It uses two kinds of detection techniques, misuse detection and anomaly detection. For misuse detection, we detect intrusions with a model-based matching method. For anomaly detection, we use statistical methods, namely the Q, S and T2 statistics and the chi-square method, to monitor abnormal conditions in the system.

Although our system is only a prototype, it integrates readily with other security components and can be upgraded easily.
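The chi-square check that the anomaly detection side of the analyzer relies on, as an added example that is not the thesis's own code: a recent window of audit events is scored against an account's long-term profile of event categories, and the window is flagged when the goodness-of-fit statistic exceeds the 1% critical value. The category names and counts are constructed for the example.

```python
# Chi-square anomaly detection over event-category frequencies.
# Added example, not code from the thesis; the data below is constructed.
from collections import Counter

# Upper 1% critical values of the chi-square distribution, by degrees of freedom.
CHI2_CRIT_ALPHA_001 = {1: 6.635, 2: 9.210, 3: 11.345, 4: 13.277, 5: 15.086}

# Constructed baseline (1000 events) and two 100-event windows for the same account.
BASELINE = ["login"] * 100 + ["file_read"] * 600 + ["file_write"] * 250 + ["net_connect"] * 50
NORMAL_WINDOW = ["login"] * 10 + ["file_read"] * 60 + ["file_write"] * 25 + ["net_connect"] * 5
SUSPECT_WINDOW = ["login"] * 2 + ["file_read"] * 5 + ["file_write"] * 3 + ["net_connect"] * 90

def build_profile(events):
    """Long-term profile: raw count per event category (the 'normal' baseline)."""
    return Counter(events)

def chi_square(profile, window):
    """Goodness-of-fit statistic of a recent window against the profile.
    Expected counts use add-one smoothing over the union of categories, so a
    category never seen in the profile gives a large, not infinite, term.
    Returns (statistic, degrees_of_freedom)."""
    window_counts = Counter(window)
    n = sum(window_counts.values())
    if n == 0:
        raise ValueError("empty window: nothing to compare against the profile")
    categories = set(profile) | set(window_counts)
    k = len(categories)
    profile_total = sum(profile.values()) + k  # one pseudo-count per category
    stat = 0.0
    for cat in categories:
        expected = n * (profile.get(cat, 0) + 1) / profile_total
        observed = window_counts.get(cat, 0)
        stat += (observed - expected) ** 2 / expected
    return stat, k - 1

def is_anomalous(profile, window):
    """True when the window's category mix deviates from the profile at alpha = 0.01."""
    stat, df = chi_square(profile, window)
    if df not in CHI2_CRIT_ALPHA_001:
        raise ValueError(f"no critical value tabulated for df={df}")
    return stat > CHI2_CRIT_ALPHA_001[df]

if __name__ == "__main__":
    prof = build_profile(BASELINE)
    for name, win in (("normal", NORMAL_WINDOW), ("suspect", SUSPECT_WINDOW)):
        stat, df = chi_square(prof, win)
        print(f"{name}: chi2={stat:.2f} df={df} anomalous={is_anomalous(prof, win)}")
```

A profile built from too few events, or a window that is small relative to the number of categories, makes the statistic unstable, so in practice the profile is aged and refreshed and the window size is chosen per category set.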
Keywords/Search Tags: IDS, Abnormity Detection, Abuse Detection, CIDF