Study on the Computer Network Intruder Alarm System

Date: 2019-01-30  Source: 东星资源网

  Abstract. Network security has become one of the most important guarantees for the further development of networking technology. For this reason, the network intruder alarm system, which is researched and developed on the basis of network intrusion detection technology, has become one of the most important auxiliary systems for technical personnel dealing with network intrusion threats. The network intruder alarm system can also evaluate the grades of different intrusion threats with high accuracy, so that the related countermeasures can be taken from a comprehensive point of view.
   Key words: Network Intrusion, Intrusion Detection, Alarm System, Firewall
  
  1.Introduction
  In recent years, the rapid development of computer networks has brought computers and local area networks (LANs) into ever closer connection.
  At the same time, easy and wide access to the Internet has gradually extended the reach of confidential information. As a result, more and more computer systems are exposed to frequent external intrusions and attacks.
  Generally speaking, intrusion detection analyzes several key types of information from the network and compares the collected information with the security policies. Information that violates the security policies is treated by the intrusion detection system as an intrusion, and the system then raises an alarm.
  On the one hand, the alarm keeps the users informed.
  On the other hand, the response mechanism of the computer network intrusion detection system is started. In this way, the computer network intrusion detection system is itself effectively protected at the same time.
  At present, the most commonly used way of preventing network attacks from the Internet is to construct a firewall.
  As a border security measure, the firewall plays an important role in network security. Its most important function is to control unauthorized access to the network.
  On the one hand, the computer network intrusion detection system shields the topological structure of the internal network as much as possible.
  On the other hand, the computer network intrusion detection system shields the internal network from websites that pose external threats, so as to prevent unauthorized access to the internal network.
  However, a firewall still has obvious limitations.
  (1) Intruders might find open back doors behind a firewall.
  (2) A firewall is incapable of preventing attacks from the external world.
  (3) A firewall cannot provide real-time intrusion detection because of performance limitations.
  Therefore, the computer network intrusion detection system can't ensure security even when a firewall is deployed at the entrance to the Internet. A simple firewall policy alone can no longer meet the needs of departments that are highly sensitive about security. For this reason, it is necessary for the computer network intrusion detection system to adopt in-depth and diverse means of network defense.
  Because of the shortcomings of traditional firewalls, the IDS (intrusion detection system) was researched and developed. Intrusion detection is a second security gate behind the firewall.
  Without affecting network performance, intrusion detection helps the system cope with cyber attacks through network monitoring, extends the security management capabilities of system administrators, improves the integrity of the information security infrastructure, and provides real-time protection against internal attacks, external attacks and misuse of the system.
  At present, computer network intrusion detection is widely recognized as one of the most important research directions in network security.
  
  2.Division of the Network Intrusion Detection System
  Network intrusion detection technology is a prerequisite for all types of intruder alarms. According to the source of the detection data, intrusion detection can be divided into two types: host detection and network detection.
  2.1.Network intrusion detection
  The network detection system mainly uses network monitoring to collect and analyze data.
  On the network, the protocol used in the local area network is the multi-digit 802.3. This protocol defines a broadcast technology that hosts use for data transfer, and any host sends a broadcast when it sends data through the network.
  In other words, the data that a host sends or receives on the network can be received by all of the other hosts on that network.
  2.2.Host detection system
  In a host detection system, the detection modules are installed in the protected host system itself.
  To complete the detection task, the system extracts the operational status of the protected system and analyzes whether it is being attacked by external intruders.
  Host-based intrusion detection is quite efficient. It requires only a small analysis cost from the system.
  Meanwhile, the analysis is fast. This kind of detection can quickly and accurately identify the location of the intruder, and can cooperate with operating systems or applications to raise an alarm and handle the intrusion.
  
  3.Computer Network Intrusion Alarm Technology
  From the perspective of network intrusion, intrusion refers to a technical measure for illegally accessing a computer system.
  In turn, the network intrusion detection and prediction system, developed on the basis of detection technology, is one of the most important technical measures directed against computer intrusion.
  According to the data source of the alarm, intrusion alarms can be divided into two types: event-based alarms and traffic-based intrusion alarms.
  In recent years, intrusion detection has developed in the following main directions.
  3.1.Distributed intrusion detection and general intrusion detection architecture
  Traditional intrusion detection systems are largely limited to a single host or network architecture, and are clearly insufficient for monitoring heterogeneous systems and large-scale networks.
  In addition, different IDS systems cannot work well together. To solve this problem, distributed intrusion detection technology and a general intrusion detection architecture are needed.
  3.2.Application-layer intrusion detection
  The semantics of many intrusions can be understood only at the application layer. However, at present, intrusion detection systems can only detect general protocols such as Web, and cannot handle other application systems such as Lotus Notes and database systems.
  Besides, many large-scale applications, such as those built on client/server structures, middleware technology and object technology, need application-layer intrusion detection for protection.
  3.3.Intelligent intrusion detection
  At present, intrusion methods are becoming increasingly diversified and comprehensive. There has been research on applying intelligent agents, neural networks and genetic algorithms to intrusion detection.
  However, this research is still tentative. Further study of intelligent intrusion detection systems is therefore needed to address their self-learning and adaptive capabilities.
  3.4.Evaluation methods for intrusion detection
  Users need to evaluate a large number of intrusion detection systems. Evaluation indexes include the IDS detection range, system resource occupancy and the reliability of the IDS.
  Accordingly, general intrusion detection evaluation methods and platforms can be designed so that intrusion detection systems can themselves be tested.
  3.5.Comprehensive security defense program
  The ideas and methods of safety engineering risk management are combined to deal with network security issues, and network security is treated as a whole engineering project.
  Thus, it is necessary to evaluate the network concerned from multiple aspects, such as management, network architecture, encrypted channels, firewalls, virus protection and intrusion detection, and then put forward a comprehensive and feasible solution.
  4.Implementation Methods of the Network Intrusion Alarm Technology
  Intrusion alarm aims to implement defensive measures on the basis of intrusion detection and prediction.
  In the following, the author analyzes the practical application of intrusion alarm, based on early-warning technology for intrusion intents that is built on attack clusters.
  4.1.Analysis on the idea of the alarm System
  The intrusion alarm system proposed in this paper continues to use the idea of the event-based intrusion alarm. To improve accuracy, the intrusion intent must be integrated into the basis for the alarm.
  Meanwhile, the security of the system must be analyzed according to the characteristics of network intrusions, vulnerability analysis and the security settings of the network.
  Then the alarm situation is combined to predict which network or host may suffer further attacks, giving the alarm and response mechanism clear targets.
  In addition, to make the calculation efficient, the system can classify all types of network intrusion according to intrusion rules, first generating a fixed pattern for classifying attack methods and then searching for the interactions between them, so as to connect the alarm with the response mechanism.
  4.2.Analysis on the intrusion alarm system
  The intrusion process is actually a phased process. The system establishes the interactions among the intrusion events that have been detected, raises alarms for intrusions with the same intent, performs an overlay calculation on the alarm records and intrusion intents, and then analyzes and judges the extent of the intrusion threat and the development direction of the attack.
  The alarm records and intrusion intents are then fed back to the alarm system, which accurately describes the types of intrusion and analyzes the attack intents.
  Next, the results of the analysis are fed back to the early warning system associated with the intrusion.
  The early warning system can then judge the specific attack intents of the intrusion behaviors. However, a phased intrusion has a clear target.
  Generally speaking, a given type of network intrusion targets bugs and holes in network security. For this reason, operating systems or open servers will not be attacked if they contain no bugs or holes.
  However, these operating systems or open servers will suffer a great number of serious attacks if they contain a great number of security bugs and holes.
  The security grade of the network can also be evaluated if a connection can be established between the results of the bug analysis and the types of intrusion methods.
  Based on these data, the early prediction grades for network security can be divided.
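  The correlation and grading described in 4.1 and 4.2, as an added example that is not part of the original paper: alarms with the same intent on the same host are clustered, their phases are overlaid into a score, and the score is raised when vulnerability analysis shows the host is exposed to that attack type. The rule table, scan results, alarm records, weights and grade thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed rule table (assumption): signature -> (intent, phase, vulnerability class it needs)
RULES = {
    "port_scan":       ("web_compromise", 1, None),
    "sqli_probe":      ("web_compromise", 2, "sql_injection"),
    "webshell_upload": ("web_compromise", 3, "sql_injection"),
    "ssh_bruteforce":  ("account_takeover", 2, "weak_password"),
}
PHASES = {1: "reconnaissance", 2: "exploitation attempt", 3: "foothold"}

# Constructed vulnerability-analysis results per host (assumption)
VULNS = {"10.0.0.5": {"sql_injection"}, "10.0.0.9": set()}

# Constructed alarm records: (timestamp, target host, detector signature)
ALERTS = [
    (100, "10.0.0.5", "port_scan"),
    (130, "10.0.0.5", "sqli_probe"),
    (135, "10.0.0.5", "sqli_probe"),
    (140, "10.0.0.9", "port_scan"),
    (150, "10.0.0.9", "sqli_probe"),
    (160, "10.0.0.9", "ssh_bruteforce"),
    (170, "10.0.0.9", "unknown_sig"),   # no rule: ignored by the correlator
]

def correlate(alerts, rules=RULES, vulns=VULNS):
    """Cluster alarms by (host, intent), overlay their phases, and grade the threat."""
    clusters = defaultdict(list)
    for _ts, host, sig in sorted(alerts):
        if sig in rules:
            intent, phase, needs = rules[sig]
            clusters[(host, intent)].append((phase, needs))
    report = {}
    for (host, intent), hits in clusters.items():
        reached = max(phase for phase, _ in hits)
        score = sum(phase for phase, _ in hits)        # overlay: later phases weigh more
        needed = {needs for _, needs in hits if needs}
        exposed = bool(needed & vulns.get(host, set()))
        if exposed:                                    # attack type matches a known hole
            score *= 2
        grade = "high" if score >= 8 else "medium" if score >= 4 else "low"
        report[(host, intent)] = {
            "phase": PHASES[reached], "exposed": exposed, "score": score,
            "grade": grade, "next": PHASES.get(reached + 1, "none"),
        }
    return report

if __name__ == "__main__":
    for key, verdict in correlate(ALERTS).items():
        print(key, verdict)
```

  The same probe sequence is graded high on the host with a matching hole and low on the host without one, which is the link between bug analysis and intrusion type that the section calls for.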
  
  5.Conclusion
  From the above analysis, it is clear that network development in recent years has continuously brought confidential information into network information exchange. Network security maintenance is mainly directed against illegal intrusion actions on different computers.
  However, intrusion detection, intrusion alarm and security maintenance have become a matter of systems engineering.
  In other words, network intrusion detection technology is applied to screen network intrusions, grade them during screening, send clearly targeted alarm information, and guide the security protection system to take the related actions.
  In this way, the scale and scope of computer network intrusions can be reduced effectively, thereby reducing losses.
  In addition, from a comprehensive point of view, computer network intrusion alarms and the corresponding systems developed on the basis of network detection technologies are indispensable parts of the technical measures for protecting security.
  