The Research On Intrusion Detection System Based On Network Traffic Behavior

Posted on: 2011-03-09
Degree: Master
Type: Thesis
Country: China
Candidate: W Wang
GTID: 2248330395985293
Subject: Software engineering

Abstract/Summary:
To strengthen network security, intrusion detection systems are usually deployed in the network. Important websites are monitored in real time, and all detectors are managed by a centralized control platform. When existing intrusion detection systems extract features of user behavior, the extraction is often tied to the concrete system and detection method. When the extracted features cannot reflect the user's behavior and the behavioral characteristics of an intrusion, the result is higher false positive and false negative rates. This makes it difficult to accurately detect complex distributed and coordinated attacks, and such systems also lack the ability to detect new or unknown attacks. It is therefore important to enhance the compatibility of the intrusion detection system.

In this thesis, we study intrusion detection technology for large-scale networks and propose multi-level intrusion detection methods based on protocol analysis, which improve the detection efficiency of the intrusion detection system. We then establish an effective, extensible description method for describing intrusion detection events. Because changes in network traffic directly affect the self-similarity of that traffic, we propose an intrusion detection system based on the self-similarity of network traffic and test it experimentally. When distributed denial of service (DDoS) attack traffic is added to the network traffic, the Hurst parameter of the traffic changes, so the system can judge whether the network is abnormal. The intrusion behavior can be recorded in the log so that an intrusion response can be carried out. The experimental results show that the intrusion detection system responds promptly to DDoS attack behavior.
Keywords/Search Tags:Intrusion Detection System, Network Traffic, Hurst Parameter, Network Performance
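
The Hurst-parameter check described in the abstract, sketched as an added example that is not code from the thesis. The aggregated-variance estimator, the `tolerance` value, and the constructed traffic series are assumptions; the abstract does not say which estimator or threshold the author used, and the constructed baseline is uncorrelated noise (H near 0.5) rather than real self-similar traffic.

```python
import math
import random
import statistics

def hurst_aggvar(series, block_sizes=(1, 2, 4, 8, 16, 32, 64)):
    """Aggregated-variance estimate of H: Var(block means) ~ m^(2H - 2)."""
    xs, ys = [], []
    for m in block_sizes:
        blocks = len(series) // m
        if blocks < 8:          # too few blocks for a usable variance
            continue
        means = [sum(series[i * m:(i + 1) * m]) / m for i in range(blocks)]
        var = statistics.pvariance(means)
        if var > 0:
            xs.append(math.log(m))
            ys.append(math.log(var))
    if len(xs) < 3:
        raise ValueError("series too short or constant; cannot fit a slope")
    # Least-squares slope of log(variance) against log(block size).
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    slope = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
             / sum((x - mx) ** 2 for x in xs))
    return 1 + slope / 2

def is_anomalous(window, baseline_h, tolerance=0.2):
    """Flag a window whose Hurst estimate moved away from the baseline."""
    return abs(hurst_aggvar(window) - baseline_h) > tolerance

def constructed_traffic(seed, n=4096, flood=0.0):
    """Constructed packets-per-interval counts; flood adds a sustained
    surge to the second half of the window (stand-in for DDoS traffic)."""
    rng = random.Random(seed)
    return [rng.gauss(100, 10) + (flood if i >= n // 2 else 0.0)
            for i in range(n)]

if __name__ == "__main__":
    baseline_h = hurst_aggvar(constructed_traffic(seed=1))
    for name, win in [("normal", constructed_traffic(seed=2)),
                      ("flood", constructed_traffic(seed=3, flood=50.0))]:
        print(name, round(hurst_aggvar(win), 2), is_anomalous(win, baseline_h))
```

The detector compares the absolute change in H, since the abstract states only that the Hurst parameter changes under attack traffic, not in which direction.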