Based On The Mixed Virus Detection Technology, Intrusion Detection Environment

Posted on: 2009-10-07
Degree: Master
Type: Thesis
Country: China
Candidate: S Hua
Full Text: PDF
GTID: 2208360248452322
Subject: Computer technology
Abstract/Summary:
As computer viruses become more and more rampant, computer system and network security is receiving more attention, and anti-virus techniques are developing rapidly as well. Current anti-virus techniques include feature-code filtering, smart broad-spectrum scanning, virtual machines, and active kernel techniques. Each has its own characteristics and plays an important role in dealing with computer viruses. However, they still do not satisfy security requirements, and in particular they lack effective methods for dealing with unknown viruses.

A conventional intrusion detection system is used to detect intrusions by hackers into computer and network systems. A virus intrusion into a computer or network, like a hacker intrusion, may cause many abnormal behaviors on computer and network systems. A virus detection model can therefore be built on the intrusion detection system to prevent intrusion into network systems.

Conventional intrusion detection systems include the anomaly detection model, the misuse detection model, and a model combining the two. Anomaly detection works on finding unknown intrusions, while misuse detection tests for known intrusions. Therefore, a virus detection model based on a hybrid intrusion detection system can be used to detect both known and unknown viruses.

The key technologies and technical innovations of this thesis are reflected in several areas:

(1) Analyzing the key technologies of the misuse detection model and the anomaly detection model, comparing their advantages and disadvantages, and discussing how to build a hybrid intrusion detection model based on misuse detection and anomaly detection technology.
(2) Presenting a design based on a composite intrusion detection system.
(3) Analyzing computer virus characteristics, anti-track compilation and tracks, extracting the feature codes of known viruses, and establishing a database.
(4) Using an anomaly detection method based on statistical analysis to measure outliers in program behaviors.
(5) Using a vector distance calculation to determine the abnormal level of characteristic variables.
(6) Building a normal-mode database of the computer and network system, and building a database of characteristic variables and weight values.
(7) Calling the databases to match characteristic variables or calculate outliers, in order to detect viruses...
Keywords/Search Tags:computer viruses, virus detection, intrusion detection, virus behavior, API function