| With the rapid development of computers and the Internet, computer networks have been widely adopted and have become the most important basic instrument, and network security has become an important issue. Intrusion detection systems (IDS) are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network and analyzing them for signs of security problems. As network attacks have increased in number and severity over the past few years, intrusion detection systems have become a necessary addition to the security infrastructure of most organizations. IDS still have a number of problems, such as a high false positive rate, a high rate of missed reports, slow detection speed, heavy resource consumption, and intrusion responses that are not timely, accurate or efficient. To solve these problems, this paper analyzes intrusion detection, Snort, optimal search, automated intrusion response, and optimal control technology. The main research objects are the intrusion detection system and the intrusion response system. Optimal search and optimal control are analyzed in depth. The intrusion detection system and intrusion response system are then explored for high-speed networks. The model of optimal search is discussed in this paper, and its application to rule matching in IDS is provided. This paper divides the rule database into several cells according to attack type and then allocates time among the cells so as to maximize the probability of detecting attacks while discarding fewer packets. In a common IDS, rule matching usually traverses all rules. If pattern matching is used in this process, it consumes more time and discards more packets. With the detection speed unchanged, the process would instead choose only some of the rules to match.
Based on optimal search theory, the system optimally allocates the limited time according to known or possible attacks, reducing the workload and making the IDS discard as few packets as possible, and thus detects more attacks. The model of optimal control and its application to the optimal response method are also discussed. This paper analyzes the total cost and the expected total cost of automated intrusion response according to optimal control, minimizes the cost of automated intrusion response, and then obtains the optimal response method. |
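
The allocation of a limited matching-time budget across rule cells can be sketched as follows. This is an added example, not code from the paper: it assumes the classical exponential detection function from search theory, and the cell names, prior attack probabilities and matching rates are constructed values, since the abstract gives none.

```python
import math

# Constructed sample data (assumption): rule cells keyed by attack type, each with
# (prior probability that the traffic carries this attack type, matching rate).
CELLS = {"dos": (0.50, 0.8), "probe": (0.30, 0.5), "r2l": (0.15, 0.3), "u2r": (0.05, 0.2)}

def allocate_time(cells, budget, iters=200):
    """Split `budget` time units over rule cells to maximize detection probability.

    Assumed model: a cell searched for time t detects its attack with probability
    1 - exp(-rate * t). Maximizing sum(prior * (1 - exp(-rate * t))) subject to
    sum(t) == budget and t >= 0 gives the condition
    prior * rate * exp(-rate * t) == lam for every cell that receives time, so
    t = ln(prior * rate / lam) / rate, and cells with prior * rate <= lam get 0.
    """
    def spend(lam):
        return {name: (math.log(p * a / lam) / a if p * a > lam else 0.0)
                for name, (p, a) in cells.items()}

    lo, hi = 1e-300, max(p * a for p, a in cells.values())
    for _ in range(iters):
        lam = math.sqrt(lo * hi)            # bisection on a log scale
        if sum(spend(lam).values()) > budget:
            lo = lam                        # over budget: raise the threshold
        else:
            hi = lam                        # within budget: lower the threshold
    return spend(hi)

def detection_probability(cells, alloc):
    """Overall probability of detecting the attack under a given time allocation."""
    return sum(p * (1 - math.exp(-a * alloc[name])) for name, (p, a) in cells.items())

if __name__ == "__main__":
    budget = 4.0
    best = allocate_time(CELLS, budget)
    even = {name: budget / len(CELLS) for name in CELLS}   # baseline: equal time per cell
    for name, t in best.items():
        print(f"{name:6s} {t:.3f}")
    print("optimal:", round(detection_probability(CELLS, best), 3))
    print("uniform:", round(detection_probability(CELLS, even), 3))
```

Cells whose prior and rate are too low for the budget receive no time at all, which corresponds to matching only some of the rules rather than traversing every one.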