
Intrusion Detection System Based On Feature Detection And Improvement

Posted on: 2003-09-19
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
Full Text: PDF
GTID: 2208360122466741
Subject: Systems analysis and integration
Abstract/Summary:
The openness of the TCP/IP protocol has made the Internet the largest computer network in the world. However, this openness brings increasingly serious security problems. As the Internet becomes widely used in daily life, especially in business, security problems will directly affect its future development.

Many network security technologies, such as firewalls, access control and data encryption, have been developed and adopted. Intrusion detection is another important network security technology, and the signature-based intrusion detection system is currently the most popular kind.

This paper first studies the traditional computer security model and the Common Intrusion Detection Model, then analyzes and summarizes the main intrusion detection methods and their features. Signature-based intrusion detection is analyzed with emphasis, and the goal of the paper is to discuss how to improve the efficiency and accuracy of signature-based intrusion detection. The main points of the paper are as follows:

1. Signature-based intrusion detection systems take advantage of advanced pattern-matching algorithms. After describing existing algorithms (the Boyer-Moore algorithm and the Aho-Corasick algorithm), the paper describes a newly developed algorithm for matching sets of strings, which integrates useful concepts from the two algorithms. The modified algorithm is implemented and compared experimentally with the standard Boyer-Moore algorithm.

2. A skilled attacker can evade detection by exploiting ambiguities in the traffic stream as seen by the network intrusion detection system (NIDS). This paper proposes a new method to improve the NIDS's ability to "know" the end systems in more detail. We can add a "normalizer" to eliminate potential ambiguities before the traffic is seen by the IDS.
Keywords/Search Tags: Network Security, Intrusion Detection, Pattern Matching, Signature techniques