The Research And Application Of Hybrid Intrusion Detection Model In Network Risk Assessment

With the rapid development of network technology, information transmits fast by means of the network. High-speed WAN and broadband MAN extensively build in the enterprise communication network are making progress in information development of enterprises in modern society, and enhance market competitiveness of enterprises. But what is worth attention is that, at the same time viruses and hackers are also increasingly rampant, and various network attacks and viruses emerge in endlessly, bringing unprecedented security risk to network.For instance, the electric power information network loads bearing electrical power system's real-time service application system, so that the network is safe or not has a immediately influence to the electrical power system. Currently the information network security construction in electrical power system mainly focuses on virus protection, firewall, intrusion detection, etc. There isn't a complete and effective information security safeguard system.Most risk assessment methods lie between static evaluation and real-time detection. The effectiveness and real-time can not meet the need of real network environment. Especially for information networks, the implement of effective risk assessment for network and early detection of network problems are of great importance to avoiding major network incidents.Based on the study of network security risk assessment and intrusion detection technology, a hybrid intrusion detection model is designed and implemented through the introduction of principal component analysis and self-organizing map network technology; we also present a association algorithm of network attack scenarios based on causality diagram theory, to reveal the attackers'real intention concealed behind network attack as well as next possible attack targets and attack methods; the network intrusion detection technology is applied to risk assessment model. We uses the attacks detected as the main source of threat to assess network risk in real-time, and build the network risk assessment system, which contains intrusion detection, risk calculation and risk prediction modules. By analyzing the intrusion detection log, attack signature and network vulnerability, we could assess the network risk. Through the alert correlating algorithm, the traceability and view for judge of assessment result are strengthened.