| Intrusion Detection is gathering and analyzing the information of the important nodes of computer system, detecting whether there has the events that obey the security policy or attack trends, and noticing the administrator. In general, the hardware and software used for intrusion detection are called Intrusion Detection System (IDS). IDS is the second security gate behind the firewall, and it is also the important part of network security protection architecture.IDS has been fast developing since it's put forward. But Intrusion Detection technology is now wandering with the universal application of high-speed network, the appear of new attack methods like distributed denial of service attack, and the low efficiency and high false positive of today's IDSs.By analyzing the problems of today's IDS, the paper first introduce the traditional intrusion character describing methods and the Common Intrusion Specification Language, and for the first time introduce the method of describing the network intrusion activities by using Intrusion Tree and a new kind of Intrusion Detection Model based on Abnormally Detection and Misuse Detection which using both network and host data source. The model divide the intrusion detection process into intrusion character distilling and intrusion activity analyzing, and present the whole intrusion detection resolution methods. The paper put forward the model of Network Security Problem Domain and analyze the underlying reason of False Positive and False Negative by using it. At last, the paper bring forward the network security protection architecture based on Intrusion Detection for a integrated network security cycle. |
PDF Full Text Request