Distilling User Behavior By FSOM And Creating A New Intrusion Detection System

Posted on: 2006-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: H Xu
Full Text: PDF
GTID: 2168360152496355
Subject: Biomedical engineering
Abstract/Summary:
With the wide use of the Internet in people's lives, network security has gradually become a key problem in the development of the Internet and of various network services. At present there are thousands of network attack methods, which makes the problem of network security more serious. There is one network attack per second in the world, and network security techniques have gradually developed in the contest with network attacks. On the whole, network security techniques are developing from a static stage to a dynamic stage and from passive defense to active defense. The intrusion detection system has now become a new focus of the network security market; it has not only attracted more people's attention but also plays an important role in different environments.

Intrusion detection is a network security technique for protecting computer systems from attack. As a complement to the firewall, intrusion detection can help the system deal with network attacks, expand the security management ability of system administrators (including security audit, monitoring, attack identification and response), and increase the integrity of the information security foundation. It analyzes information collected from key nodes of the computer network system. Intrusion detection is the second security gate behind the firewall; it can monitor the network without affecting network function, and it can prevent or alleviate network threats. However, present intrusion detection techniques have some limitations. First, administrators need to examine a large number of log files, which is a heavy workload for them. Second, the expert systems currently adopted by most intrusion detection products have a high false alarm rate because network attack methods change constantly. Third, when an attack is discovered, the system can neither locate the source of the attack effectively nor provide an effective response mechanism. Although some security vendors link a firewall or a router with an intrusion detection system, the products are required to be of the same brand. Finally, the intrusion detection architecture was designed for an environment in which the network bandwidth is 100Mb/s, but the current bandwidth is 1000Mb/s, even 10Gb/s; at the same time, the flux in network is much bigger than that in the...
Keywords/Search Tags: network security, intrusion detection system, data mining, fuzzy self-organizing map (FSOM), finite state machine, hypertext transfer protocol