| With the rapidly development of network technology, many conveniences have been brought to people. The roles of network have become more and more important, meanwhile, the security problems of network come into being. With the increasing and convenience of attacking tools, the events of attacking increase rapidly. In order to enhance the security, people apply all kinds of network security technology. The intrusion detection technology is a new security technology recently, apart from traditional security protection technologies, such as firewall and data encryption. Intrusion detection is looked upon as the second safe door after the firewall, and it recognises and reacts to the vicious intrusion or suspicious activities on the computer and network resources. As a kind of active measure of information security assurances, intrusion detection acts as an effective complement to traditional security protection techniques. By building dynamic security circle, it improves the assurance ability of information systems to the utmost extent, and reduces the danger to systems brought by security threats. At present, intrusion detection has become an important branch of network security.After thorough analyzing network security knowledge and attack detection methods, this paper skillfully applies Attribute Theory to the intrusion detection field, and develops a network intrusion detection system based on Qualitative Mapping. Intrusion behavior recognition can be considered as intricate property judgement based on conjunction, and Qualitative Mapping regarding interval array as Qualitative Criterion can be explained as a qualitative judgement operation decided by multidimensional attributes. Therefore, we can use Qualitative Mapping regarding interval array as Qualitative Criterion to recognise network data packets.According to Attribute Theory thesis, we extract the twelve dimensional attributes which can represent each packet from every network data packet captured by us, and get a eigenvector which is composed of the twelve dimensional attributes. In this paper, about every kind of attack behaviors, we use bivalent weight {0,1} to indicate how seriously each component influencesthe final result. Then we search the intrusion feature pattern library for the eigenvector processed by these weights. If it is found, this vector belongs to attack behaviors. Furthermore, during the course of string matching, we adopt the improved BM algorithm.After testing a great deal of examples, the network intrusion detection system based on Qualitative Mapping can better recognise various attack behaviors. Moreover, this system has a lower false positive rate and false negative rate, which have laid a better foundation for us to further study intrusion detection.Liao Xiaoyan (Computer Software and Theory) Directed by Prof. Feng Jiali... |
PDF Full Text Request