Design and Implementation of a Network Intrusion Detection System Based on the Attribute Theory Method

Posted on: 2006-12-17
Degree: Master
Type: Thesis
Country: China
Candidate: Z S Xu
GTID: 2208360182956277
Subject: Computer application technology

Abstract/Summary:
The rapid development of the Internet has brought people many conveniences, but it has also given rise to network security issues. Because attackers have varied motives and attack tools are increasingly numerous and easy to use, the number of attacks is growing rapidly. To enhance network security, people have adopted many kinds of technology, such as firewalls, VPNs, and intrusion detection, which has attracted more and more attention in recent years and is treated as another security "gap" behind the firewall. As an active measure of information security assurance, intrusion detection acts as an effective complement to traditional security protection techniques. By building a dynamic security circle, it improves the assurance ability of information systems to the utmost extent and reduces the danger that security threats pose to systems. At present, intrusion detection has become an important branch of network security.

After a thorough analysis of network security knowledge and attack detection methods, this paper applies Attribute Theory to the intrusion detection field and designs a network intrusion detection system based on Qualitative Mapping. Intrusion behavior recognition can be considered an intricate property judgement based on conjunction, and Qualitative Mapping that takes an interval array as its Qualitative Criterion can be explained as a qualitative judgement operation decided by multidimensional attributes. Therefore, Qualitative Mapping with an interval array as its Qualitative Criterion can be used to recognise network data packets.

Following Attribute Theory, I extract from every captured network data packet the eighteen dimensional attributes that can represent the packet, and obtain an eigenvector composed of these eighteen attributes. I then search the intrusion feature pattern library (a three-dimensional table transferred by the detection engine) for this eigenvector. If it is found, the vector belongs to attack behaviors. In this paper, for every kind of attack behavior, we use three weights {0, x, 1} to indicate how seriously each component influences the final result. Furthermore, for string matching we adopt the improved BM algorithm.

After testing a great many examples, the network intrusion detection system based on Qualitative Mapping recognises various attack behaviors well. Moreover, the system has a lower false positive rate and false negative rate, which lays a better foundation for further study of intrusion detection.
Keywords/Search Tags: Network Security, Intrusion Detection, Qualitative Mapping, Feature Extraction, Eigenvector, Pattern Library
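
The matching step described in the abstract, as an added example that is not code from the thesis: a packet's feature vector is tested against each library pattern, whose criterion is an array of closed intervals with a per-component weight from {0, x, 1}. The four attribute names, the library entries, the value x = 0.5, the threshold, and the weight semantics (1 = mandatory, 0 = ignored, x = optional evidence) are all assumptions, since the abstract does not specify them.

```python
from dataclasses import dataclass

# Constructed 4-attribute stand-in; the abstract does not name its eighteen attributes.
ATTRS = ("ip_proto", "dst_port", "tcp_flags", "payload_len")
X = 0.5  # assumed value for the intermediate weight "x"

@dataclass(frozen=True)
class Pattern:
    name: str
    intervals: tuple  # closed (low, high) per attribute: the interval-array criterion
    weights: tuple    # per-attribute weight drawn from {0, X, 1}

def matches(vector, pattern, threshold=0.5):
    """Qualitative mapping: does the vector satisfy the pattern's criterion?

    Assumed weight semantics (not specified in the abstract): 1 = the component
    must lie in its interval, 0 = ignored, X = optional evidence that is summed.
    """
    if len(vector) != len(pattern.intervals):
        raise ValueError("vector and criterion differ in dimension")
    got = possible = 0.0
    for value, (low, high), w in zip(vector, pattern.intervals, pattern.weights):
        hit = low <= value <= high
        if w == 1 and not hit:
            return False          # a mandatory conjunct failed
        if 0 < w < 1:
            possible += w
            got += w if hit else 0.0
    return possible == 0 or got / possible >= threshold

# Constructed pattern library for illustration only.
LIBRARY = (
    Pattern("syn-to-telnet", ((6, 6), (23, 23), (2, 2), (0, 65535)), (1, 1, 1, 0)),
    Pattern("oversized-icmp", ((1, 1), (0, 65535), (0, 255), (1473, 65535)), (1, 0, 0, 1)),
    Pattern("large-http-push", ((6, 6), (80, 80), (24, 24), (4000, 65535)), (1, 1, X, X)),
)

def classify(vector, library=LIBRARY):
    """Return the names of every library pattern the feature vector falls into."""
    return [p.name for p in library if matches(vector, p)]

if __name__ == "__main__":
    for v in [(6, 23, 2, 0), (1, 0, 0, 2000), (6, 80, 16, 5000), (6, 443, 24, 100)]:
        print(dict(zip(ATTRS, v)), "->", classify(v) or "no match")
```

Setting a weight to 0 widens a signature without touching its intervals, which is where false positives are most likely to be introduced when tuning such a library.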