Chen Guanlin,Feng Yan,Wang Zebing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2010.10.014

2010-01-01

Abstract:Nowadays wireless intrusion prevention systems have become the research hotspot with the fast development of WLAN.In this paper,we first introduce the common attack methods for WLAN,and then present the framework of the wireless IPS with a distributed pre-decision engine,which can predict the future actions and direct active responses to these actions.We implement an improved model with extended detection rules for conducting intrusion plan and making pre-decision,by gathering wireless device information and importing supporting degree of intrusion plan in plan recognition.Experimental results showed that the distributed pre-decision engine can not only improve wireless intrusion detection and prevention performance,also reduce false negatives and false positives evidently.

Zhi Xue

2007-01-01

Abstract:Intrusion detection based on protocol has become one of the key technologies for the intrusion system detection of the next generation.The paper￡¨based on the analysis of network intrusion detection's structure and traditional character pattern matching technology,explains the theory and realization of protocol analysis,based on protocol analysis,proposes a model of intrusion detection system,and finally analyses a typical case of intrusion detection.

LIU Tong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.08.004

2005-01-01

Abstract:As the distributed intrusion becomes serious, the performance demand for distributed intrusion detection systems will be more and more important. In this paper, the concept of the Super-Peer intrusion detection model (SPIDM) is proposed. Furthermore, the technology of intelligent agent is implemented in this model. As a result, this efficient combination of distributed intrusion detection systems with the super-peer framework increases the system efficiency and collaboration, enhances the system openness, and thus improves the system performance as a whole.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

杨小平,苏静

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.02.035

2004-01-01

Abstract:In this article we present a new Intrusion Detection Method using protocol analysis and command parsing technology to accurately capture the character of intrusions based on the characteristic of protocol architecture.According to our test results,the technology greatly improves the performance of IDS and reduces the misapprehensive and transudatory rates.

CHEN Shuyu,WU Qingquan,ZHOU Huiyi

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.06.049

2007-01-01

Abstract:The traditional distributed intrusion detection systems mostly use multilayer architecture, which results in complicated management and communicational bottleneck. This article introduces an autonomous model of distributed intrusion detection system. It has only two layers so it can reduce the complicate of layer control. It makes up of autonomous detection node, which integrates the protocol analysis technology and the pattern matching technology to achieve distributed intrusion detection. It uses user-defined protocol and the standard SSL protocol to ensure security of the communications within the whole system. For the convenience of the custom, it can browse the alarm in any detection node by browse/server model.

Liang Hu,Kuo Tang,Yu Ku,Kuo Zhao

DOI: https://doi.org/10.4156/jcit.vol5.issue3.13

2010-01-01

Abstract:With the development of high-speed network technique and increasing volume of network traffic, traditional pattern matching method can’t adapt to the new challenges to intrusion detection. To solve this, protocol analysis is introduced into the procedure of intrusion detection, and it has advantages such as the capability of detailed command parsing, attack detection and protocol acknowledgement against fragment attacks, the lower false positives and high performance. By the integration with pattern matching, intrusion detection technology based on protocol analysis may significantly reduce the amount of computation and improve the efficiency of packet analysis as well as the detection rates.

王文奇,郑秋生,吴婷,李伟华

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.14.070

2008-01-01

Abstract:At present intrusion detection system(IDS) in high-speed network is a main point in security domain.The main problem and various restricted factors IDS faced in high-speed network is analyzed,and involved researches such as zero-copy technique and fast pattern matching model is introduced too.Finally,the distributed intrusion detection system based data-distribution is figured out as a good measure,and some remaining problems and emerging trends in this area is presented.

Hecheng Li

2012-01-01

Abstract:Considering some problems that secure communications between the various modules in distributed intrusion detection system, a kind of network security protocol of applicable to distributed intrusion detection system is proposed. Combining with theory and practice, it was also proved that this protocol is efficient.

Jiang Shan,Chen Changai

DOI: https://doi.org/10.2991/isrme-15.2015.109

2015-01-01

Abstract:The security of software applications, from web-based applications to mobile services, is always at risk because of the open society of internet. With the increase in the number of network throughput and security threats, intrusion detection system has attracted much attention in recent years. In this paper, we undertake the research on the principle techniques for network intrusion detection based on data mining and analysis approach. We adopt the prior knowledge on Bayesian network which is a directed acyclic graph, each node represents a random variable and an edge said direct probabilistic dependencies between two connected nodes. Then, we use the traditional risk assessment model to measure the possibility of being hearted. The numeric analysis and experimental illustration indicates the effectiveness of our method compared with other popular adopted state-of-the-art methodologies. In the future, we plan to introduce the graph and complex network theory into our prototype system to enhance the performance.

SHI Zhicai,Ji Zhenzhou,Hu Mingzeng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.13.041

2005-01-01

Abstract:After the characteristics and capability of network intrusion detection technique are introduced, the distributed intrusion detection system based on agent is classified. Two typical system frames are described. Some key techniques to be used in developing an intrusion detection system are discussed. The detail methods to solve these technical problems are given.

QINGtao WU,Zhiqing SHAO,Xiyuan QIAN

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.10.049

2006-01-01

Abstract:Distributed denial of service (DDoS) attacks are major threats to availability of computer network. A detection model for early DDoS attacks is presented, which involves with probability distributions of normal behavior on computer network and DDoS attacks detection threshold. The model employs statistical analysis of data from network connections to find the probability distributions of normal behavior. Based on the probability distributions, the threshold is set for detecting attacks. Also, the feasibility of the scheme is validated through the simulated test. The experimental results show the effectiveness of the model in detecting DDoS attacks. Furthermore, this model provides some directed sense for other network security detection research.

Tong Xiaojun,Cui Minggen,Ma Chao

DOI: https://doi.org/10.1109/WiCom.2008.1104

2008-01-01

Abstract:The existed distributed intrusion detection system adopt the architecture which the data is collected and analyzed centrally, in which there are some defects. The defects are like simple point invalidation and bad extension. On the base of analyzing existed distributed intrusion detection system , this paper designs one distributed intrusion detection system based on the entity model and proposed a secure communication protocol. In order to guarantee security, reliability and integrity among entities in the model, this paper has designed an object-oriented exchange model of information. The paper also has designed a safe transport protocol based on ECC, DES symmetrical and the asymmetrical encryption technology, so it can assure to communicates safely and effectively with each kind of entity. © 2008 IEEE.

郭丹,阚忠良

DOI: https://doi.org/10.3969/j.issn.1009-2552.2004.03.006

2004-01-01

Abstract:This paper presents the design of an intrusion detection model adopting a signature-based approach for detecting distributed attacks, which aims at detecting distributed attacks that cannot be detected by data collection mode at any single place. Comparing with other approaches, the communication imposed by intrusion detection is greatly reduced and the management of transmission security in this model is simplified.

YU Zhi-hong,ZHAO Kuo,HU Liang

DOI: https://doi.org/10.3969/j.issn.1671-5896.2008.02.009

2008-01-01

Abstract:Because there are some problems for traditional pattern matching detection technique such as high strength!computations,low detection rates and high false alarm rates an intelligent matching for intrusion detection rules based on protocol analysis is proposed.And this technique aims at detecting attacks by the means of high regularity of TCP/IP(Transmission Control Protocol/Internet Protocol),which results in obvious decrease of computational quantities of rules matching.The design and implementation of auto sorting rules base based on dynamic analysis are also presented.Experimental results show that our proposals can shorten about 20% the time of pattern matching and improve the efficiency of intrusion detection.

Yan-guo Wang,Xi Li,Weiming Hu

DOI: https://doi.org/10.1109/icsmc.2008.4811596

2008-01-01

Abstract:With the increasing requirements of fast response and privacy protection, how to detect network intrusions in a distributed architecture becomes a hot research area in the development of modern information security systems. However, it is a challenge to build such a system, given the difficulties brought by the mixed-attribute property of network connection data and the constraints on network communication. In this paper, we present a framework for distributed detection of network intrusions based on a parametric model. The parametric model can explicitly reflect the distributions of different intrusion types and handle the mixed-attribute data naturally. Based on the model, we can generate an accurate global intrusion detector with a very low cost of communication among the distributed detection sites, and no sharing of original network data is needed. Experimental results demonstrate the advantages of the proposed framework in the distributed intrusion detection application.

Guangchun Luo

2007-01-01

Abstract:Intrusion detection is an important way of secure information. One of the key problems of intrusion detection is the validity and efficiency of detection algorithms. This paper products a distributed IDS model based on N-P principle and discusses how to implement it. By colligating each kind of local strategy, the simulation verifies that the validity of IDS can be improved, the rate of fake alarm can be lowered down at the same time, and the reliability of decision-making is promoted indeed.

TAN Min,HU Xiao-long,LIU Lian-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.07.055

2008-01-01

Abstract:In view of the weakness of current intrusion detection system and intrusion analysis method,a distributed fusing multi detection technology intrusion detection system model based on multi-Agent is brought forward.Apart from traditional analysis technology,file integrity analysis method based on mobile agent is added to the analysis Agent too.The model realizes the dist-ribution of intrusion detection,owns good scalability,improves the accuracy of intrusion detection,enhances the intrusion detection system's capability by using multi detection technology.So it can meet extensive security demand of the distributed network envi-ronment.

WU Qing-tao,SHAO Zhi-qing

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.12.004

2005-01-01

Abstract:Intrusion detection,as one of the most active and important network security technology,can compensate the shortcomings of traditional security protection measure.Through building dynamic security cycle,it can promote the protection capacity of system and reduce the security threats as great as possible. An overview of basic issues on intrusion detection is shown in this paper,which is involved with three main aspects of intrusion detection,including Intrusion Detection System(IDS) architecture,intrusion detection methods and IDS evaluation.Firstly,three kinds of IDS architectures are analyzed.Then,current intrusion detection models are given,and their merits or shortcomings are discussed in detail.Finally,some future promi￣sing directions are presented.