
Research And Implementation Of The Key Technology Of Network Intrusion Detection System

Posted on: 2016-02-04
Degree: Master
Type: Thesis
Country: China
Candidate: X J Cai
Full Text: PDF
GTID: 2308330470971855
Subject: Computer system architecture

Abstract/Summary:
In recent years, with the development of information technology and rising prosperity, the number of people engaged in online trading has grown rapidly; the number of network attacks has grown as well, and network security is facing a severe test. Network intrusion detection, as one of the main means of protection, is receiving more and more attention and study. A network intrusion detection system can detect a variety of network intrusions and so helps keep network use secure. However, newer technology brings faster speeds and larger bandwidth, and a variety of automated attack tools keep emerging, so the original techniques have difficulty detecting network attacks. The main difficulties are these. First, attacks are no longer single attacks as before; simultaneous, combined attacks from multiple hosts, namely distributed intrusions, are becoming more and more common. Second, the network environment has become increasingly complex. Third, the attacks themselves have become very complex. With many new attacks added, the false alarm rate and missed alarm rate of intrusion detection systems have become a more serious problem, which reduces the accuracy of intrusion detection.

To solve this problem, this paper studies models of network attacks and misuse and anomaly detection techniques. Specifically, it collects the key information of network nodes and evaluates it; it proposes a new method of obtaining the shortest path and uses a reverse search to remove redundant nodes; and it improves the Wu-Manber multi-pattern matching algorithm so that matching becomes faster.

The improvements and highlights of the paper: building on the original method of generating network attack graphs, this paper makes the network attack path the minimal path and uses a reverse search to delete redundant nodes.
Existing methods of modeling network attack graphs suffer from a large state space, complex and inefficient attack graph generation, and an excessive number of system states. To address these shortcomings, the following methods are used. First, the system is analyzed to find its vulnerabilities, and an improved algorithm obtains the minimum path. Then a reverse search is used to remove redundant nodes. With these improvements, the structure of the attack graph becomes simpler and reflects the actual situation of the target network.

The existing Wu-Manber multi-pattern matching algorithm should also be improved. Most existing intrusion detection systems use the Wu-Manber algorithm, but it still has many problems. Its disadvantages are as follows: first, it cannot process short strings; second, much of its data and many of its operations are unnecessary and repetitive; third, it needs to traverse entire linked lists, which makes it inefficient. This thesis analyzes these problems thoroughly and puts forward concrete solutions. First, independent data structures are established for the algorithm. Second, strings are separated by length and treated separately. So that the strings can be processed at the same time, a process-based approach is used, and addresses are filtered. These measures solve the problems encountered and have an obvious effect.
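The short-string limitation of Wu-Manber named above, shown as an added Python example that is not the thesis's code: the search window equals the shortest pattern, so a pattern shorter than the block size cannot be indexed, and one short signature caps the skip distance for every other pattern. The block size `B = 2`, the length `cutoff`, the names `WuManber` and `scan_by_length`, and the sample signatures and payload are all assumptions made for illustration.

```python
# Added example (not the thesis's code): Wu-Manber with patterns split by length.
B = 2  # block size: characters hashed per SHIFT lookup (assumed value)

class WuManber:
    def __init__(self, patterns):
        self.m = min(len(p) for p in patterns)  # window = shortest pattern
        if self.m < B:
            raise ValueError("pattern shorter than block size B")
        self.default = self.m - B + 1           # largest possible skip
        self.shift, self.bucket = {}, {}
        for p in patterns:
            for j in range(B, self.m + 1):      # each block in the first m chars
                blk = p[j - B:j]
                self.shift[blk] = min(self.shift.get(blk, self.default), self.m - j)
            self.bucket.setdefault(p[self.m - B:self.m], []).append(p)

    def search(self, text):
        hits, probes, pos = set(), 0, self.m    # pos = end of current window
        while pos <= len(text):
            probes += 1
            blk = text[pos - B:pos]
            step = self.shift.get(blk, self.default)
            if step == 0:                       # candidate: verify bucketed patterns
                start = pos - self.m
                hits |= {(start, p) for p in self.bucket[blk] if text.startswith(p, start)}
                step = 1
            pos += step
        return hits, probes

def scan_by_length(patterns, text, cutoff=6):
    """Hypothetical split: direct scan below B, one matcher per length class."""
    tiny = [p for p in patterns if len(p) < B]
    hits = {(i, p) for p in tiny for i in range(len(text)) if text.startswith(p, i)}
    probes = {}
    groups = {"short": [p for p in patterns if B <= len(p) < cutoff],
              "long": [p for p in patterns if len(p) >= cutoff]}
    for name, group in groups.items():
        if group:
            found, probes[name] = WuManber(group).search(text)
            hits |= found
    return hits, probes

# Constructed sample signatures and payload, for illustration only.
SIGS = ["/etc/passwd", "cmd.exe", "%00", "..", "|"]
PAYLOAD = "GET /cgi-bin/view?file=../../etc/passwd%00.png HTTP/1.0"

if __name__ == "__main__":
    hits, probes = scan_by_length(SIGS, PAYLOAD)
    print(sorted(hits), probes)
```

The `probes` counts show only that the long-pattern group regains its large skips once short patterns are indexed separately; they are not a measurement of the thesis's improved algorithm.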
Keywords/Search Tags: Intrusion detection, Attack model, Network attack graph, Pattern matching, Wu-Manber Algorithm