The Research On Analytic Procedure Of Multiple Data Packet For Intrusion Detection System

With the rapid development of Internet, people demand more and more extensive application of it, such as Electronic Commerce, Electronic Government Affair, Online Trading Platform, Online Education and so on. However the increase in intrusion affair is accelerating. And this made the importance of Network Security showed up. People found it is not enough that designing Security System just from the angle of defence. As the new dynamic security measure following the Firewall and Data Encipherment, Intrusion Detection System can identify the illegal act in network, and respond to it. Not only can the IDS detect the intrusion affair from external network, but also can detect the affair from internal network. And the problem that Firewall cannot detect the intrusion in real time and cannot detect the attack from internal network is conquered by IDS.Network-based Intrusion Detection System is usually independent from the host operational system, the detection and the response is get in real time on that system. So the research of NIDS has got more and more regard in Intrusion Detection research. However the single network data packet is the only analytic object on traditional Network Intrusion Detection System ordinarily, so traditional Network Intrusion Detection System usually can only class the isolated network affairs.Aimed at this problem, a new network intrusion detection model was proposed in this paper. It based on Common Intrusion Detection Framework(CIDF)--the traditional Intrusion Detection architecture. In our model the Analysis-Box was separated into two layers. On the first layer, the cluster arithmetic was used to analyse Network data packet which include the currently packet and historical packet. Some historical affair that related to the currently affair will be found out during this analyse. On the second layer, the Forward Neural Network was used as a way of regression analysis, it analysed those historical affair which was found in the first layer and currently affair to get a final result of detection. For test this model, some simulation experiment has been designed. Firstly we tested the clustering ability to the network data packet of Cluster Arithmetic. Then we used some reallife data to test the whole ability of the model. It was indicated in the experiment that the Cluster Arithmetic can class the network data packets correctly and the whole model can identify the attack of password exhaustion to the server of FTP correctly. Butexperiment about other distributive intrusion affair is still need.