Abstract: Currently, the false positive and false negative rates of intrusion detection systems (IDS) are very high, and this has always been the main problem troubling IDS users. Two main technologies are applied in IDS. With respect to this problem, each technology has its own advantages and the two can complement each other, so IDSs that combine the two technologies are used more and more widely. This paper presents a model of IDS based on a combination of misuse detection and anomaly detection. In this model, misuse detection is based on pattern matching and anomaly detection is based on statistical analysis. The model combines the two technologies to reduce the false positive rate and the false negative rate that occur when only one detection technology is used, and thereby to improve the security of the IDS.
Tian Jun-feng; Zhang Zhe; Zhao Wei-dong. The Design and Research of Intrusion Detection System Based on Misuse and Anomaly [J]. Journal of Electronics & Information Technology, 2006, 28(11): 2162-2166.