
Policy-based Host Intrusion Detection Technology And Its Classified Network

Posted on: 2006-02-04
Degree: Master
Type: Thesis
Country: China
Candidate: L Li
GTID: 2208360155968158
Subject: Computer application technology
Abstract/Summary:
Traditional intrusion detection techniques build on two distinct approaches: signature-based detection and anomaly-based detection. While these intrusion detection systems have been effective in many cases, they raise a number of inherent problems: maintenance costs are high, and detection reliability and accuracy are not satisfactory. To a large extent, these problems arise from the fact that anomaly- or signature-based intrusion detection relies on a context-free definition of what a potential attack may be: while by definition any attack is a security policy violation, the security policy itself is not taken into account in these approaches.

There has been increasing interest in policy-based intrusion detection in recent years. This approach considers the security policy itself and combines it with the actual system and environment. Such an approach has the potential to improve significantly over traditional approaches in terms of required maintenance, reliability, and accuracy; it can also operate in real time and can stop some attacks.

We designed and implemented a policy-based intrusion detection system for Unix hosts, tailored to the characteristics of secret networks. The system centers on security policy: it detects intrusions through security policy control and auditing of system users' activity, and it strengthens the security of the server system. It detects and handles intrusions through security policy controls such as process control, network control, command control, login control, password control, and file integrity control.

The prototype system shows that a policy-based intrusion detection system offers low maintenance cost and high reliability and accuracy of alerts. It also shows that the approach reinforces the security of the host system, uses few resources, and is applicable to secret networks.
Keywords/Search Tags:Intrusion Detection, Anomaly Detection, Misuse Detection, Security Audit, Security Policy