
A Study On Network Intrusion Detection System Based On Fuzzy Kernel Clustering Algorithm

Posted on: 2006-03-22
Degree: Master
Type: Thesis
Country: China
Candidate: G F Zhao
Full Text: PDF
GTID: 2168360152971497
Subject: Computer application technology

Abstract/Summary:
An Intrusion Detection System (IDS) is a kind of computer system that identifies and responds to violations of computer security and network security policies. It turns passive protection into active auditing and monitoring, and it gives real-time warnings about, or blocks, intrusions by hackers and misoperations by insiders, which lowers the risk to computer systems and networks.

This paper begins with the fundamental theory of IDS, including the concept of IDS, the IDS models that have come into being, the classifications of IDS, and the evolution and trends of research in the field, with emphasis on detection and analysis methods, which are one of the critical technologies in implementing an IDS. The framework of the Linux OS kernel, which is the most ideal OS platform for implementing an IDS, is then described briefly. Finally, the paper puts forward an applicable design of a fuzzy kernel clustering algorithm IDS for use in bank applications and describes many valuable implementation details.

In the design and implementation of the system, the paper tries to optimize the network sensor on the Linux platform, including the implementation of a high-speed network interface card driver and a high-performance, portable packet-capture program built on libpcap. Pattern matching based on efficient algorithms for network applications is also implemented, which gives an exhaustive description of the running network applications. In particular, to meet the demands of bank applications, an analysis plugin has been developed to monitor and audit the network connections between bank applications. By virtue of shared memory and large buffers, the serialized processing of data in the whole system runs at high speed, like a macro pipeline, and the packet loss rate can be kept within a desirable range.

The research in this paper not only solves the problems related to implementing a network IDS, but also provides a reference scheme for network security and application auditing in enterprises by combining a generic IDS with an application in a specific field. With continuous improvement, the system will surely have very good prospects.
Keywords/Search Tags: intrusion detection, network intrusion detection system, fuzzy kernel clustering algorithm, auditing and monitoring, bank applications