The Research On The Intrusion Detection Based On Behavior Of The Conditions

Along with the rapid development of computer and network technology, our life and workbecome richer, more convenient and more efficient. But, on the fact that information is thefirst wealth of the current society, the enterprise and the personal information exist hiddentroubles because of the openness of the network, then the problems of computer network securityand safety protection become the attention and research hot spot for people. As the developmentof computer technology, the computer network intrusion and attack means are constantly rich, inthe face of these new attack means, the traditional computer security protection measures oftenappear inadequate, even by the attackers used, make invasion of the bridge.Therefore, in order toimprove the security of computer and network, ensure the safety and information network usersthe normal use of the service, a new type of security precautions needed to be put forward tomake up for the weakness of the traditional way.The emergence of intrusion detection technology making the original defense system havebeen strengthened.The emergence of intrusion detection technology strengthened the originaldefense system. It can effectively detect the invasion behavior and identify the intrusion type ofthe behavior. As the network structure and the computer system complicated, the increasedbandwidth of the network, and a series of development, the traditional intrusion detectiontechnology which only depend upon the pattern matching or data analysis in the applicationperformanced more and more not satisfactory, low percentage, high false positive rate and lowload capacity exposed gradually, on the other hand, this also promote people to improve tointrusion detection algorithm and perfect the intrusion detection system.This article through the analysis and the type of attack invasion and characteristics, andcombining with actual network environment to the high bandwidth, mass data and the trend ofsafety transmission, put forward based on the behavior of the conditions of the intrusiondetection method thoughts, and to design as the core of the test method of intrusion detectionsystem. First of all, this method based on the host and based on the network intrusion detectionmodel mixed, in the host server and network detection were set up to detect module, networkdetection module is responsible for the first time gave data filter detection and monitoringnetwork internal radio abnormal data, the host detection module is responsible for abnormalbehavior of the host detection. Second, the detection method used in recent years of nomainstream of feature extraction data contrast between ideas, but the hosts and network users directly to monitor behavior contrastive method. Based on the basic behavior of hosts andnetwork node attack tree model, by monitoring the condition node with forming conditionsneeded for attack the matching degree, to the existing abnormal behavior judgment. Experimentsshow that the proposed based on behavior of the conditions of the intrusion detection method iscapable of effectively identify application layer attack, based on the method of intrusiondetection system in large flow network environment of basic guarantee detection rate.The rest of the paper is orgnized as follows:1. Learn studied the birth of intrusion detection technology and development, researched inmany traditional intrusion detection technology, analyzed their different characteristics andapplied environment, and summarized their deficiency.2. Based on behavior of the conditions of the intrusion detection method is given. Judge thedetecting data and behavior through the analysis of computer and network normal behaviorcharacteristics and intrusion attack behavior characteristics.3. According to the condition based on behavior intrusion detection method, the paperintroduces a complete set of intrusion detection system. This system set up different effects offunction module based on the behavior of the conditions to intrusion detection method.4. Simulation experiment. This paper adopted the traditional KDD99 test data and the trueenvironment IDC computer room ,Through testing program with Snort experiment resultscontrast,determing the feasibility of the method.