
The Research Of Intrusion Detection Based On EFSA Model And Dynamic Rule Sets

Posted on: 2016-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: D H Wu
GTID: 2308330470462356
Subject: Information security
Abstract/Summary:
With the development of science and technology, network security issues have become increasingly prominent and seriously damage the interests of Internet users. Intrusion detection technology, as a proactive means of defense and detection, provides real-time, dynamic security protection for hosts and computer networks. Owing to growing data volumes and the complexity and diversity of network attacks, network security faces unprecedented crises and challenges. To address the inadequacy of traditional pattern matching and protocol analysis techniques in detecting attacks, the paper proposes an extended finite state automaton (EFSA) intrusion detection model based on protocol analysis and automata theory. By constructing a model, EFSA describes the state transitions and changes of an attack. The EFSA intrusion model can be represented by a six-tuple, i.e. M = (P, Q, Σ, W, q0, F). With this six-tuple established, on the one hand received packets are mapped to protocol state transitions to build a finite state machine, and whether an attack exists is judged by whether the automaton accepts the data under detection. On the other hand, detection is performed on protocol data streams, which enhances detection accuracy and reduces the amount of rule-matching computation, thereby improving detection efficiency. In creating the EFSA model, the EFSA detection mechanism and algorithms are given, and the idea of classifying the rule set for matching is applied in the intrusion detection process, which helps improve the accuracy of intrusion detection. Furthermore, to better describe the automaton, a state transition tree is used to represent running sessions, and a session list is created to store the session information of each session node, so that session states and the session list are associated in both directions.
Finally, the experiments use KDD CUP99 as the test data set. They show that, compared with intrusion detection based on state-based pattern matching and protocol analysis techniques, intrusion detection based on the EFSA model has improved detection efficiency and a lower false positive rate. In addition, to reduce rule matching time and improve the real-time performance of intrusion detection, the paper uses a three-step algorithm to dynamically adjust the rule set in real time. Rule priorities are adjusted according to the events that trigger matches, so that matching is achieved in real time. Rules that are matched often are usually given higher priority, which improves the matching efficiency of the system. Experiments show that intrusion detection with a dynamically adjusted rule set reduces detection time by nearly 10% compared with intrusion detection using a static rule set, improving the efficiency and real-time performance of intrusion detection.
Keywords/Search Tags: EFSA model, Six-tuple, State protocol analysis, Finite state automation, Dynamic adjustment strategy