
Research On Coordinated Intrusion Detection Model Based On Behavior Analysis At Driver Level

Posted on: 2018-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: S K Ma
Full Text: PDF
GTID: 2348330533463788
Subject: Software engineering
Abstract/Summary:
With the rapid development of Internet technology, computers and networks are gaining popularity. Firewall isolation, network access control and other static defense methods can no longer meet current needs, so intrusion detection systems, which can take the initiative to report unsafe behavior, have attracted more and more attention. In practical application, however, a high false negative rate is a problem that intrusion detection systems cannot avoid. To reduce the false negative rate and improve the performance of the intrusion detection model, this thesis proposes a coordinated intrusion detection model based on behavior analysis at the driver level. First, the commonly used intrusion detection techniques are analyzed to clarify the essence of intrusion detection. To address the deficiencies of intrusion detection systems, a coordinated intrusion detection model at the driver level is designed and its logical structure is described. The model is divided into three layers: the control layer, the application layer and the driver layer. Each layer is divided into several function modules, and the working principle of the model is introduced. Second, the model is designed in detail and its key technologies are analyzed. The control layer is designed and implemented using the completion port. The main functions of the application layer are partitioned. The interaction strategy between the application layer and the driver layer is developed, and the key technologies of application-layer behavior acquisition are analyzed. The driver-level detection entity is designed and implemented on the basis of the intermediate driver. Third, association analysis is carried out on intrusion behavior, and intrusion behavior is classified according to its influence on the host state. Association rules are mined with the Apriori algorithm and then filtered according to the classification of intrusion behavior. Bayesian networks are introduced for intrusion intention reasoning over uncertain association relations. Finally, a behavior detection and protection system is designed and implemented on the basis of the driver-level detection entity. An improved scheme for the driver-level detection entity is proposed, and a driver-level detection entity based on the Windows Filtering Platform (WFP) is designed and implemented.
Keywords/Search Tags: Intrusion Detection, Correlation rules, NDIS intermediate driver, IOCP completion port, WFP filtering platform