The Application and Research of IDS model Based on Multi-technique Fusion

According to the different analysis methods, the intrusion detection is divided into anomaly detection and misuse detection. In this thesis, we analyze the advantages and drawbacks of detection technology, Due to that, this paper proposes a IDS model based on multi-technique with misuse detection and anomaly detection which can overcome their drawbacks and develop their advantages to detect the known viruses, especially unknown viruses with the character of hacker, this kind of intelligence system is Multi-technique Fusion IDS model. This thesis makes use of the SVM and Expert system to construct a new flexible mixed model which can study and update its rules automatically. Besides, in this mixed model, it uses a kind of Memory Tree model to store its rules, this kind of store way can optimize the detection property and raise the detection efficiency. The results of testing based on host-IDS indicated the multi-technique fusion model by two technologies can ensures the higher detection rate and the lower false alarm rate. In addition, if net-IDS and host-IDS could be combined, it will more effectively raise detection efficiency.