Based on the shortcomings of traditional network intrusion detection technology and the characteristics of network attacks, a new intrusion detection model built on four layers of filtering is designed. The four filtrations are protocol analysis, traffic analysis, state monitoring and data analysis. They run in a combined serial and parallel arrangement to improve efficiency, strengthen network security protection, and preserve the real-time performance of the network. In addition, the advantages of clustering are used to address, to some extent, the problem of missed packets. Experiments show that the model can improve the efficiency and accuracy of intrusion detection.