基于MLSI的多主机入侵检测系统的研究-计算机应用技术专业论文.docxVIP

广西大学烦士学位论文 广西大学烦士学位论文 基于MLSI的多主机入侵榆测系统的研究 MLSI．BASED MUl月I．HOST INTRUSIoN DETECTIoN SYSTEM ABSTRACT With the development of Intemet，continuous increase of forms and importance of applications based on network，the need to insure security of computer systems has become more and more essential and challenging．Nowadays many kinds of static security technolo画es，such as firewall and data cryptography,have been mature． However,they still cannot meet the requirement of fmding out the incursion initially and prevent the attacks from crackers．The technique of intrusion detection watches the computer and network resources for malicious activities．It detects not only the intrusion form the outside，but also unauthorized actions of intranet users．Therefore it becomes a hot topic in the area ofnetwork security． Based on the analysis of the aRack mechanisms，this paper quote the definition of MLSI，which was proposed by the Japanese researchers，to build a MLSI—based Multi—host intrusion detection system．When detecting intrusions，the system needs only a few MLSIs instead of hundreds of attack signatures as other IDSs do，so it call solve some ofthe problems ofcurrent IDSs． Based on a detailed analysis of the method proposed by Forrest et a1．，this paper introduced an improved new metric，called event counter,to perform anomaly detection．Firstly,it check MLSI in audit log，and then compare the suspicious sequence with those in database to fmd out whether an intrusion occurs，so it can improve the efficiency and accuracy ofdetections and reduce the load ofthe host． Finally,a prototype system is built and experiments examining the efficiency of the anomaly detection method are presented．Theory analysis and the result of experiments show that MLSI can effectively identify intrusions．The method can greatly reduce the overhead of the host．All these show that the MLSI-based Multi-host intrusion detection system and the improved new anomaly detection method proposed by this paper are effective an