
Study On IDS Method Based On Data-reduction Mechanism Of Self-set

Posted on: 2014-04-17
Degree: Master
Type: Thesis
Country: China
Candidate: M F Gao
Full Text: PDF
GTID: 2268330422967399
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, high-speed network traffic and increasingly complex intrusion methods challenge existing intrusion detection technology. Traditional, single-technique intrusion detection, which lacks collaboration, cannot meet detection requirements, and a new intrusion detection solution is needed to handle huge amounts of data and detect unknown attacks.

In this paper, an intrusion detection system consisting of two parts, an excellent detector and a self-set detector, is designed. It is based on the mechanisms of the passive immune antibody and the automatic immune antibody, and it takes advantage of both anomaly detection and misuse detection. The building process of the self-set and the operating mechanism of the detectors are studied in order to restrict the storage scale of self-set data and improve the detection rate. The main contributions of the paper are as follows:

(1) A network intrusion detection scheme based on self-set detection is designed. The scheme passes network data sequentially through the excellent detector and the self-set detector. The excellent detector is built on existing intrusion rules to detect known intrusions; the self-set detector builds its own database of legitimate data, which is used to detect unknown intrusions.

(2) A data reduction method for the self-set is proposed. In this method, packet headers and data portions are separated from the network data. The attribute keywords of the header portion are used to create a multi-branch tree, and the data portion is stored after a content feature encoding algorithm is applied. Establishing a mapping between multi-branch tree paths and data storage addresses restricts the scale of the self-set and facilitates matching during detection.

(3) An efficient probability matching optimization mechanism is proposed. After an analysis of network data trends and a proof of data concentration in the network, an efficient probability matching optimization mechanism is proposed that preferentially matches records with a high hit probability, sparing the system massive matching operations and improving the detector's check rate.

The cooperation of anomaly detection and misuse detection can effectively detect both known and unknown intrusions. The data reduction method for the self-set provides a new way to deal with large-scale data, and the probability matching optimization mechanism optimizes matching during detection. Both address the problem of a low matching rate in massive data. An intrusion detection system based on the above methods has been initially implemented, and intrusion test results show that the system can detect unknown intrusions and has good adaptability.
Keywords/Search Tags: intrusion detection, self-set, data reduction, address mapping, probability matching
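The self-set data reduction of contribution (2) and the probability matching of contribution (3), as an added sketch that is not code from the thesis. The header attribute names, the truncated SHA-256 digest standing in for the content feature encoding, the one-by-one record comparison, and the hit counter standing in for the hit probability are all assumptions of this example.

```python
import hashlib

HEADER_KEYS = ("proto", "dst_port", "flags")  # assumed tree levels, not from the abstract

def encode_payload(payload: bytes) -> str:  # stand-in for the content feature encoding
    return hashlib.sha256(payload).hexdigest()[:16]

class SelfSet:
    def __init__(self):
        self.root = {}     # multi-branch tree: nested dicts keyed by attribute value
        self.buckets = []  # storage: buckets[address] is a list of [code, hits]

    def _address(self, header, create=False):
        # Walk the tree along the header's values; the leaf maps to a storage address.
        node = self.root
        *inner, last = (header[k] for k in HEADER_KEYS)
        for value in inner:
            if value not in node and not create:
                return None
            node = node.setdefault(value, {})
        if last not in node and create:
            self.buckets.append([])
            node[last] = len(self.buckets) - 1
        return node.get(last)

    def learn(self, header, payload):
        # Add legitimate traffic; an identical record is stored only once.
        bucket = self.buckets[self._address(header, create=True)]
        code = encode_payload(payload)
        if all(rec[0] != code for rec in bucket):
            bucket.append([code, 0])

    def check(self, header, payload):
        # Return (is_self, comparisons); records are scanned most-hit first.
        addr = self._address(header)
        bucket = [] if addr is None else self.buckets[addr]
        code = encode_payload(payload)
        for i, rec in enumerate(bucket):
            if rec[0] == code:
                rec[1] += 1
                bucket.sort(key=lambda r: -r[1])  # stable: ties keep their order
                return True, i + 1
        return False, len(bucket)

def demo():  # constructed sample traffic: three learned payloads, three queries
    s, web = SelfSet(), {"proto": "tcp", "dst_port": 80, "flags": "PA"}
    for p in (b"GET /a", b"GET /b", b"GET /index"):
        s.learn(web, p)
    return [s.check(web, q) for q in (b"GET /index", b"GET /index", b"GET /x")]
```

In `demo()`, the repeated query drops from three comparisons to one once its record has been hit, while the payload that was never learned is reported as non-self after the whole bucket is scanned.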