基于异常和特征的入侵检测系统模型

目前大多数入侵检测系统(Intrusion Detection System，IDS)没有兼备检测已知和未知入侵的能力，甚至不能检测已知入侵的微小变异，效率较低。本文提出了一种结合异常和特征检测技术的IDS。使用单一技术的IDS存在严重的缺点，为提高其效率，唯一的解决方案是两者的结合，即基于异常和特征的入侵检测。异常检测能发现未知入侵，而基于特征的检测能发现已知入侵，结合两者而成的基于异常和特征的入侵检测系统不但能检测已知和未知的入侵，而且能更新基于特征检测的数据库，因而具有很高的效率。

An Anomaly & Signature-based Intrusion Detection System Model

Most intrusion detection systems (IDS) today lack the ability to detect both known and unknown intrusions. Even a very slight variation from known intrusions will go undetected thus rendering the IDS ineffectiveness. This paper proposes Anomaly and Signature-based Intrusion Detection System. The combination is needed in order to increase effectiveness of the IDS. The need arouse due to the fact that individual detection systems possesses serious drawbacks which can be solved only by combining them. With this at hand gives rise to an approach known as anomaly signature-based which is more efficient than individual techniques. This is due to the fact that anomaly detection detects unknown intrusions while signature-based detection detects known intrusions. By combining both techniques in conjunction with our anomaly signature-based system approach we are assured of an intrusion detection system that does not only detect both known and unknown intrusions but also capable of updating the signature-based detection database, thus in return rendering effectiveness to intrusion detection systems.