The sources of network security threats and the methods of attack are constantly changing. To keep up with changing attack methods, a generic technique based on model checking has been applied to intrusion detection, and previous studies have shown it to be the first intrusion detection system that can detect complex attacks. As soon as the technique was put forward, it therefore attracted wide attention from scholars at home and abroad, and a kind of intrusion detection algorithm based on model checking was formulated. However, a number of problems remain to be solved. On the one hand, the detection capability of the algorithm against other common attack types is still unknown. On the other hand, KDD CUP is currently the commonly used data set for assessing the performance of intrusion detection algorithms. Because of the varied ways in which data characteristics are extracted, that data set cannot be used to assess "behavior"-oriented intrusion detection algorithms, and intrusion detection algorithms based on model checking rely precisely on the features of attack "behavior". A behavior-oriented data set is therefore urgently needed in order to assess the performance of existing and future intrusion detection algorithms based on model checking.
These are the problems this paper sets out to solve. First, 22 kinds of common attack types are analyzed, and, following the principle of extracting key attack action sequences, their formulas are obtained. Second, a large number of connection-oriented normal and attack records are randomly selected from a certain sample space of KDD CUP. Then each connection is translated into actions, yielding a large behavior-based data set of attack and normal records. Because the construction of the data set is independent of any algorithm, it allows an independent evaluation of (the class of) behavior-oriented intrusion detection algorithms. Finally, the platform is used to run 3 kinds of intrusion detection algorithms based on model checking against the 22 attack types, to find out how the different algorithms compare in detecting different types of attack. Our simulation results confirm that the test platform we built can effectively evaluate (the class of) intrusion detection algorithms based on model checking. ...