| With the rapid development of information technology and Internet, the security problem of computer network and information system becomes more and more serious. Most conventional security techniques are static mechanism and are limited to Protection phase, which can't satisfy the increasing demand for network security. As a primary technique in detection part of P~2DR model, Intrusion Detection System (IDS) can efficiently recognize and respond to the actions of the network and the hosts actively. Thus it can detect intrusion and misuse to provide a sufficient protection to network security.The main problems of some normal IDS's high error report rate and low efficiency are the singularity of information sources and analysis methods. Due to that, this thesis proposes a flexible Mixed Intrusion Detection System (MIDS). MIDS combines data from the network and the key hosts as its source and introduces a double-layer mixed analysis method as its detection method, which can apply to different network environment with flexible architecture. Based on the study of the theory of Mixed Intrusion, this thesis has given out the system architecture and functional framework of MIDS, and introduced the theory, design and some algorithms of several key modules in detail. The united analysis module adopts Certainty Method according to the theory of Information Fusion. At last, this thesis introduces the test scheme and the test deployment for MIDS, which provide the assurance of practicability for the MIDS. |
PDF Full Text Request