| With the great progress in computer networks and information technology, the Internet has become an important part of our daily life. While people depend on computer networks more and more, network security becomes a serious problem. There are number of ways to protect our net works, such as firewall, access control and cryptography, etc. However, with more and more vulnerabilities have been exploited and the advance of attack technique, it is realized that such passive and static techniques are not enough to protect our networks. Thus, the active and dynamic Intrusion Detection System (IDS) is a new technique for network security as a complementary one for the traditional network security components.Nowadays, new attacks appear almost everyday so that it is very difficult for an IDS to protect a system effectively. The high false positive rate and high false negative rate becomes one of serious problems for the IDS. The other problem is that there is almost no way to detect unknown attacks. This is because there is no effective way to describe the mode of attacks.As the Windows Operation System is used more and more widely, network attacks on Windows OS are becoming more and more serious than before. Different from the existing network attacks taxonomies, in this thesis we put forward a detection-oriented taxonomy of network attacks, which take two attributes of network attacks, namely attack result and attack mechanism as category criterions, and is called R-M taxonomy model in short. We detailed the R-M taxonomy model's attributes, category principle and network attacks categories in Windows OS. Based on R-M model categories, an Intrusion Detection System has been developed. The system works well by considering the attack features, attack results and attack mechanism together. Experiments have shown that it is superb to the existing systems in some sense, especially it can detect some unknown attacks. |
PDF Full Text Request