Intrusion Detection in Network Security
Zhang San 201221xxxx
Master of Computing, xxx xx xx University, Wuhan, China
Abstract—With the development of computer network technology, the risk of network intrusion has also greatly increased. Traditional encryption and firewall technology can no longer meet today's security needs. Intrusion detection technology has therefore developed quickly in recent years; it is a new, dynamic security mechanism built on a set of techniques for detecting and preventing system intrusions. Unlike traditional security mechanisms, intrusion detection offers features such as intelligent surveillance, real-time detection and dynamic response. In this sense, intrusion detection technology is a reasonable supplement to firewall technology.
Index Terms—network security, intrusion detection
I. The Necessity of Intrusion Detection
With the development of computer network technology, the destructive effects and losses caused by network attacks have also greatly increased.
Network security is becoming more and more complicated, and the traditional, passive encryption and firewall technologies cannot withstand today's diverse and complex attacks.
Recently, intrusion has become easy for many people with computer skills, and many intrusion courses and tools are available.
It is therefore of great significance and necessity to develop intrusion detection systems.
II. The Development of Intrusion Detection Systems
In 1980, James P. Anderson wrote a book named "Computer Security Threat Monitoring and Surveillance", which explained in detail the concept of intrusion detection, a classification of threats to computer systems, and the idea of monitoring intrusion activities using audit trail data.
From 1984 to 1986, Dorothy Denning and Peter Neumann worked out a real-time intrusion detection system model, IDES.
In 1990, L. Heberlein and others developed NSM (Network Security Monitor), which was a major step forward for IDS and led to the division into network-based IDS and host-based IDS.
After 1988, the United States began to study DIDS (Distributed Intrusion Detection System), which became a milestone product in the history of IDS.
From the 1990s to now, research and development of intrusion detection systems has made great progress in intelligence and distribution.
III. Definition and Work-flow
A. Definition
Intrusion detection is the discovery of intrusion behaviors. It collects and analyses data from key points in computer networks or computer systems, and checks whether there are behaviors that violate security policies or signs of attack in the networks or systems. It can then sound an alarm or make the corresponding response in time to ensure the confidentiality and availability of system resources.
B. Work-flow
1) Information Gathering
The first step of intrusion detection is information gathering. The information includes the contents of network traffic, the states and behaviors of user connections, and user activities.
2) Signal Analysis
For the information gathered above, there are three technologies for analysing it: pattern matching, statistical analysis and integrity analysis.
3) Real-time Recording, Alarming and Limited Counterattack
The fundamental goal of an IDS is to make the corresponding response to intrusion behaviors, which includes detailed logging, real-time alarms and limited counterattack resources.
IV. Generic Model and Framework
A. The Generic Model
In 1987, Denning proposed an abstract generic model of intrusion detection. As shown in Figure 1 below, the model mainly consists of six parts: subjects, objects, audit records, activity profiles, exception records and activity rules.
Figure 1
B. The Framework
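As an added illustration of the three analysis technologies of III.B and of the terms of Denning's model above (audit records, activity profiles, exception records, activity rules), the following Python example, which is not from this paper, runs a miniature IDS over constructed audit records. All record fields, signatures, hashes and thresholds are assumed values chosen for the demonstration.

```python
import hashlib
import re
import statistics
# Constructed sample audit records (subject, object, bytes, payload); made-up inputs, not data from the paper.
AUDIT_RECORDS = [
    {"subject": "alice", "object": "/srv/db", "bytes": 110, "payload": "GET /index"},
    {"subject": "alice", "object": "/srv/db", "bytes": 120, "payload": "GET /about"},
    {"subject": "alice", "object": "/srv/db", "bytes": 115, "payload": "GET /docs"},
    {"subject": "alice", "object": "/srv/db", "bytes": 118, "payload": "GET /news"},
    {"subject": "alice", "object": "/srv/db", "bytes": 9000, "payload": "GET /export"},
    {"subject": "bob", "object": "/var/www", "bytes": 300, "payload": "GET /../../etc/passwd"},
]
# Activity rules for pattern matching: named signatures over the payload (constructed, illustrative only).
SIGNATURES = {"path-traversal": re.compile(r"\.\./"), "sql-union": re.compile(r"(?i)\bunion\s+select\b")}

def pattern_matching(records):
    """Signature step: return (record index, signature name) for each payload matching a known pattern."""
    return [(i, name) for i, rec in enumerate(records)
            for name, sig in SIGNATURES.items() if sig.search(rec["payload"])]

def statistical_analysis(records, z_threshold=3.0, min_history=3):
    """Anomaly step: leave-one-out activity profile per subject; exception record when |z| > threshold."""
    by_subject = {}
    for i, rec in enumerate(records):
        by_subject.setdefault(rec["subject"], []).append((i, rec["bytes"]))
    exceptions = []
    for subject, rows in by_subject.items():
        for i, value in rows:
            history = [v for j, v in rows if j != i]  # the profile excludes the record being scored
            if len(history) < min_history: continue  # not enough observations to build a profile yet
            mean, stdev = statistics.mean(history), statistics.pstdev(history)
            z = abs(value - mean) / stdev if stdev else (float("inf") if value != mean else 0.0)
            if z > z_threshold: exceptions.append((i, subject, round(z, 1)))
    return exceptions

def integrity_analysis(baseline_hashes, current_contents):
    """Integrity step: report every object whose current SHA-256 differs from the recorded baseline."""
    return sorted(obj for obj, data in current_contents.items()
                  if hashlib.sha256(data).hexdigest() != baseline_hashes.get(obj))

def run_ids(records, baseline_hashes, current_contents):  # alarming step: merge the three analyses
    alarms = [f"signature {name} in record {i}" for i, name in pattern_matching(records)]
    alarms += [f"anomaly for {s} in record {i} (z={z})" for i, s, z in statistical_analysis(records)]
    alarms += [f"integrity violation on {obj}" for obj in integrity_analysis(baseline_hashes, current_contents)]
    return alarms

# Constructed baseline: hashes taken when the objects were known-good; /srv/db has since been modified.
BASELINE = {"/srv/db": hashlib.sha256(b"schema v1").hexdigest(), "/var/www": hashlib.sha256(b"index").hexdigest()}
CURRENT = {"/srv/db": b"schema v1 -- tampered", "/var/www": b"index"}
if __name__ == "__main__":
    print("\n".join(run_ids(AUDIT_RECORDS, BASELINE, CURRENT)))
```

Running it raises one alarm from each analysis: the traversal signature in bob's record, alice's 9000-byte transfer as an exception to her activity profile, and the changed hash of /srv/db.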
In recent years the market for intrusion detection systems has developed very quickly, but the lack of interoperability between different systems hinders the development of intrusion detection, because there is no corresponding general standard. In order to solve the interoperability and coexistence problem between different IDS, the America Defense Advanced Research Projects Agency (DARPA) started work on the CIDF (Common Intrusion Detection Framework) standard, trying to provide a fundamental structure that allows intrusion detection, analysis and response systems to work together. Finally the security laboratory of the University of California at Davis completed the CIDF standard.
The main purposes of the framework are:
1) IDS component sharing, that is, a component of one IDS can be used by another IDS.