整合多重分析模式之入侵偵測系統

Abstract

入侵偵測系統偵可測對系統的不當攻擊，是網路安全中不可或缺的一環。然而隨著網路環境以及攻擊方法日益複雜，入侵偵測系統需要更多方面的稽核資訊，以作更完整而詳實的分析。在本篇論文當中，我們提出一個可融合多方面的資訊的侵偵測系統，整合以時序性分析為考量的入侵偵測模組，以及非時序性分析的入侵偵測模組。其中資訊融合的模組中，我們採用以模糊理論為基礎的專家系統，以期能同時分析不同的稽核資料，達到提高偵測率，降低誤測率的效果提升。

Intrusion detection system has been applied to detect malicious attacks over the Internet. As complexity of the Internet increases, intrusions tends to combine several types of attacks, and hence difficult to detect. In this thesis, an intelligent intrusion detection system is proposed which fuses both the sequential sequence analysis model and the evidence based analysis model. The rule-based fuzzy expert system is also applied in the information fusion model to achieve higher detection rate and lower false alarm rate for intrusion detection.