| To a certain degree ,as the barrier in network security, Intrusion Detection System can defend the intrusion from inner or outer .But there are many problems in its effectiveness.The improvement of effectiveness ,active respondent ability and IP traceback ability are analyzed and practiced in this paper.This paper firstly presents the traditional measures ,category and current key technologies of Intrusion Detection System. With the theoretic analyze of effectiveness in current system, we propose a model of immunity-based network intrusion detection so as to mend effectiveness.hi order to improve active respondent ability of IDS,I i we finished a real-time monitoring and recovering system of web page based on digital fingerprint .The system can check integrality of important file in web site and automatically recover it an soon as it was irregularly modified.Finally,in order to effectively react to attacker after survived, this paper mention the possibility of tracing flooding attacks by marking packets probabilistically,with the addresses of the routers they traverse.The victim can use the imformation in the marked packets to reconstruct the attack path and trace an attack back to its source. The approximate traceback problem is resolved in the procedure of reconstruction.This is a active way against attacks,so belong to host-based intrusion detection . |
PDF Full Text Request