一种基于网络的入侵检测模型及其实现

在入侵检测CIDF体系结构基础上,提出了基于网络的二层式多数据包分析入侵检测模型.这一模型中,事件分析器对当前事件分两层进行处理:先将当前事件结合历史事件进行关联分类,找出与当前事件关联紧密的历史事件;然后对包含当前事件的这一类关联事件进行回归分析,最终发现潜在的协同攻击和分布式入侵行为.仿真试验说明该算法模型能够检测出传统入侵检测系统难以发现的分布式入侵行为.

A New Model and Implementation of Network Intrusion Detection

Based on intrusion detection common intrusion detection framework(CIDF) architecture,a new network intrusion detection model of multi-data packages analysis was presented. In this model current affair was transacted by two steps through affair analyzer: First,we associated the current data packets with historical data packets,processed a clustering analysis and found out the historical data packets that were closely associated with current data packets;Then,we used Multiplayer Forward Neural Network to process a regression analysis to data packets,and obtained the results of intrusion detection.The simulation experimentation has proved that this model can check up the distribute intrusion affairs that is difficult to discover on traditional intrusion detection system(IDS).