Intrusion Detection Research

Posted on: 2004-03-12
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Tian
Full Text: PDF
GTID: 2208360122475931
Subject: Business management
Abstract/Summary:
As networks develop, they play an increasingly important role in economic and political life. Ensuring the security of networks and information has become the most important task of network security experts. Recent frequent intrusion incidents by hackers have made everyone aware of the importance of network security. At the same time, how to detect an attacker's intrusion in order to defend actively and reduce losses has become the key problem in maintaining network security. Practice has shown that network security is a dynamic systems engineering problem, and that it is very difficult for any single security product to satisfy the actual needs of network security construction. Building a three-dimensional security system consisting of anti-virus systems, firewalls, network IDS, vulnerability scanners, etc., each performing its own function, has already become the common understanding of industry and users. Drawing on its dynamic and active operating principle, IDS has become the key link that ties together the static protection technologies in the three-dimensional security system.

IDS (intrusion detection system) is an active defense method for network security. It actively obtains information from the internal system and from various network resources. From this information it can identify possible intrusions and attacks and then promptly inform the administrator of what has happened, thus offering protection for the network system. Traditional operating system hardening and firewall isolation are both static defense technologies and lack an active response to attack methods that change rapidly in a network environment. By studying the process and characteristics of intrusion behavior, IDS can make the security system respond in real time to the intrusion process and behavior. There are three kinds of implementation: software, hardware, and integrated software-hardware forms. It usually adopts a distributed system structure composed of a management and control center and detection engines.

As a rational supplement to the firewall, IDS can help the network system deal with attacks and extend the security management capability of the system administrator (including security auditing, monitoring, attack recognition and response). This improves the integrity of the information system's security infrastructure.

This article is arranged in three parts and five chapters. Chapter One is the first part and gives an overview of intrusion detection systems. Chapters Two and Three constitute the second part. This part introduces the classification of IDS, discusses the relevant implementation techniques on the basis of the theoretical framework put forward, and analyzes the assessment and test standards for IDS. It also gives a rough IDS strategy for the major challenges that IDS currently faces, establishing a good theoretical foundation for practical application in the enterprise. The third part is composed of Chapters Two and Three; it analyzes the current situation of IDS and puts forward corresponding solutions. Finally, it looks ahead to the application prospects of IDS.

The research in this paper breaks new ground to some extent in three respects. First, it summarizes the theoretical framework of IDS in order to form a unified research foundation for IDS. Second, it gives a concrete application system and model structure based on the theoretical framework put forward, paying close attention to general practical guidance for technology and theory researchers, IDS developers and users. Third, it gives a concrete evaluation method and process for the assessment of IDS, which can be used for control during the process and control afterwards, and which also allows effective feedback.
Keywords/Search Tags: IDS, security technology