
Research on a Hybrid Intrusion Detection Method

Innovation to hybrid intrusion detection methodology
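Abstract: The proposed hybrid intrusion detection algorithm is an effective combination of two intrusion detection algorithms, behavior modeling and pattern matching. The behavior modeling algorithm extends the anomaly-based intrusion detection algorithm, while the pattern matching algorithm fully implements the signature-based intrusion detection algorithm. The adaptive behavior modeling algorithm builds templates of legitimate behavior from user behavior and program behavior, without any manual intervention. Together, the two intrusion detection algorithms effectively reduce the false positive rate. The security agent, built with Servlet Filter technology, is an intelligent plugin with a certain degree of intrusion analysis capability.

The hybrid intrusion detection algorithm proposed here is based on the effective integration of behavior modeling and pattern matching, where behavior modeling extends the anomaly-based intrusion detection algorithm and pattern matching implements the signature-based intrusion detection algorithm. The adoption of self-learning behavior modeling provides the capability to determine legitimate profiles according to user activities or program activities without any intervention from a human security expert. The combination of the two intrusion detection technologies has dramatically reduced false positive and false negative alarms. A Servlet Filter-based security agent is an intelligent plugin with the basic ability of intrusion analysis.

Source: Journal of Tianjin University of Technology, 2007, No. 1, pp. 63-65 (3 pages)

Funding: Tianjin Science and Technology Key Project (0431079R)

Keywords: intrusion detection; behavior modeling; pattern matching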