Conference: International Conference on Computer, Networks and Communication Engineering

A Framework of Event-Driven Detection System for Intricate Network Threats

Abstract

As network threats become more intricate and diverse, traditional intrusion detection methods face the challenge of lacking flexibility because they are just code-actual. This paper summarizes the common correlating features exhibited by network events from the perspective of the detector, and proposes a detection framework that can be used to detect various network threats. After a static scan of the threat pattern library, it loads and initializes the data structures of threat behaviors, and then uses an event-driven scheme to process the network event streams. Finally, it logs and calls the related function to query the threat behavior states. The formal analysis shows that this framework has high flexibility and extensibility to adapt to the evolution of network threat behaviors.