
Research On SNORT-based Serial Hybrid Intrusion Detection System

Posted on: 2012-08-07
Degree: Master
Type: Thesis
Country: China
Candidate: K Liu
GTID: 2218330368487128
Subject: Computer application technology

Abstract/Summary:
With the development of networks, traditional computer security theory cannot adapt to a dynamically changing, multi-dimensional, interconnected network environment. The design of a protection system can generally take into account only known security threats and a limited range of unknown security threats. Protection technology can do as much as possible to prevent attack attempts from succeeding or to slow them down, but it cannot prevent the occurrence of a variety of attacks, which requires the introduction of intrusion detection to compensate.

Intrusion detection is divided into anomaly detection and feature detection. Existing intrusion detection systems use a single detection mode, which makes it difficult to deal effectively with omissions and false positives. This paper analyzes the open source software Snort and proposes a serial hybrid intrusion detection system (SHIDS). The system combines two different detection modes, which better addresses the shortcomings of a single detection mode, while unknown viruses can also be pre-judged. Experimental results show that the SHIDS has fewer omissions and a higher detection rate than a misuse detection system, and fewer false positives and stronger explanatory power than anomaly detection.

The pattern matching algorithm of the detection module in the SHIDS cannot effectively skip unnecessary steps and has a low rate, so the BF-AC algorithm is proposed to improve the rate of AC. The misuse detection rate is further improved, which in theory improves the overall detection rate of the hybrid intrusion detection system. Experimental results show that BF-AC can effectively reduce the number of state transitions and further improve the SHIDS detection rate.
Keywords/Search Tags: Intrusion detection, serial hybrid, AC algorithm, Back-forward-AC algorithm