
Research On Technology Of Automatic Extraction Of Abnormal Network Behavior

Posted on: 2016-04-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Q Xu
Full Text: PDF
GTID: 2298330467493496
Subject: Information and Communication Engineering
Abstract/Summary:
Nowadays the Internet has become so important that almost everyone uses it every day. Enterprises can connect with the market directly over the Internet. With the massive popularity of the Internet, people's lives and the operation of companies have become more and more convenient. People value the security of the Internet because it plays an increasingly important role in daily life.

With the development of network security technology, a number of different security mechanisms exist to improve the safety of the network, including virus protection, firewalls, and intrusion detection systems. Intrusion detection is becoming a new hot spot of information security research. However, traditional intrusion detection systems face many problems, such as a lack of ability to handle high-traffic networks and an inability to prevent cryptographic attacks. Moreover, most current intrusion detection methods mainly analyze the packet header, while more and more attacks hide themselves in the payload of packets. This paper therefore proposes a technology for the automatic extraction of abnormal network behavior based on packet payloads, to improve on traditional intrusion detection methods.

Firstly, the technology converts packet payloads into primitive feature vectors using a text categorization technique. Secondly, principal component analysis is applied to the primitive feature vectors to obtain their principal components. Thirdly, to reduce the dimension of the primitive features, several methods are used to determine the number of principal components to retain. Fourthly, to obtain the behavior profile of a packet, the dimension-reduced feature vectors are modeled with a geometrical structure model. Fifthly, the behavior profile of a packet is used to judge whether the packet contains abnormal behavior.

In the experiment, the performance of the proposed technical solution is tested. The experimental results show that the technology of automatic extraction of abnormal network behavior based on packet payloads is much better than traditional intrusion detection methods at detecting attacks that hide themselves in the payload of packets, and is good at recognizing unknown abnormal network behavior.
Keywords/Search Tags: Abnormal Network Behavior, Principal Component Analysis, Mahalanobis Distance Map, Behavior Feature Database
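
The five steps of the abstract, carried through on a small data set as an added example; this is not the thesis's code. It assumes 1-gram byte frequencies as the text-categorization feature, a cumulative-variance rule with a cap for the number of components, a Mahalanobis-distance profile standing in for the geometrical structure model, and a threshold of twice the largest training score; the requests are constructed.

```python
import math

def features(payload):
    """Step 1 (assumed feature): relative frequency of each of the 256 byte values."""
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    return [c / max(len(payload), 1) for c in counts]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def score(model, payload):
    """Step 5: squared Mahalanobis distance; off-subspace energy uses the smallest kept variance."""
    y = [x - m for x, m in zip(features(payload), model["mean"])]
    s = [dot(y, c) for c in model["comps"]]
    outside = max(dot(y, y) - dot(s, s), 0.0)
    return sum(v * v / e for v, e in zip(s, model["eigs"])) + outside / model["eigs"][-1]

def fit(payloads, keep=0.95, max_k=5, iters=100, margin=2.0):
    """Steps 2-4: PCA by power iteration; stop at `keep` explained variance or `max_k`."""
    X = [features(p) for p in payloads]
    mean = [sum(col) / len(X) for col in zip(*X)]
    C = [[x - m for x, m in zip(row, mean)] for row in X]        # centred rows
    total = sum(dot(r, r) for r in C) / (len(X) - 1)             # total variance
    comps, eigs = [], []
    while len(comps) < max_k and sum(eigs) < keep * total:
        w = [math.sin(i + 1.0) for i in range(256)]              # fixed start vector
        for _ in range(iters):
            proj = [dot(r, w) for r in C]
            w = [dot(col, proj) for col in zip(*C)]              # covariance times w
            for c in comps:                                      # deflate earlier components
                d = dot(w, c)
                w = [a - d * b for a, b in zip(w, c)]
            norm = math.sqrt(dot(w, w))
            w = [a / norm for a in w]
        comps.append(w)
        eigs.append(sum(dot(r, w) ** 2 for r in C) / (len(X) - 1))
    model = {"mean": mean, "comps": comps, "eigs": eigs}
    model["threshold"] = margin * max(score(model, p) for p in payloads)  # assumed rule
    return model

def is_abnormal(model, payload):
    return score(model, payload) > model["threshold"]

REQ = b"GET /item?id=%b HTTP/1.1\r\nHost: shop.example\r\n\r\n"  # constructed request
TRAIN = [REQ % str(i).encode() for i in range(100, 112)]         # benign training set
BENIGN, ODD = REQ % b"112", REQ % bytes(range(128, 256))         # held-out / binary id
MODEL = fit(TRAIN)
```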