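This thesis designs a network intrusion detection model that combines the two main approaches used in today's intrusion detection systems, misuse detection and anomaly detection, and builds a misuse detection engine and an anomaly detection engine that process packets in layers. The misuse detection engine applies data mining techniques together with fuzzy theory to find intrusion behaviors that frequently occur together and the time intervals between them, which reduces the number of alerts and improves the efficiency of packet matching. The anomaly detection part uses the Poisson probability distribution to model normal network behavior, identify new types of attack, and reduce the misjudgments to which anomaly detection is generally prone.

The I AM intrusion detection model integrates anomaly detection and misuse detection into one intrusion detection model. We construct a misuse detection engine and an anomaly detection engine by layering the intrusion detection models to manage packets. The misuse detection engine uses data mining and fuzzy time theorem to discover sequential relationships among intrusion activities and the time intervals between them. This engine can reduce alerts and make detection more efficient. The anomaly detection engine uses the Poisson distribution and the Binomial distribution to construct normal network activities for detecting unknown network attacks, and to reduce false alarms.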
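The Poisson baseline idea described above can be sketched as follows. This is an added example, not the thesis's own implementation: the upper-tail test, the `alpha` threshold, the function names and the per-minute counts are all assumptions constructed for illustration.

```python
import math
from statistics import mean, variance

def poisson_tail(k, lam):
    """P(X >= k) for X ~ Poisson(lam), summed upward from k (moderate rates)."""
    if k <= 0:
        return 1.0
    # Start from P(X = k), computed in log space to avoid overflow in k!.
    term = math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))
    total, i = 0.0, k
    while True:
        total += term
        i += 1
        term *= lam / i                         # P(X = i) from P(X = i - 1)
        if i > lam and term <= total * 1e-16:   # remaining terms are negligible
            return min(total, 1.0)

def fit_baseline(counts):
    """Return (rate, dispersion) for per-interval counts of normal traffic."""
    lam = mean(counts)                   # maximum-likelihood estimate of the rate
    # Poisson data has variance close to its mean. A ratio well above 1 means
    # the model understates the tail and will raise extra false alarms.
    return lam, variance(counts) / lam

def flag_anomalies(observed, lam, alpha=1e-3):
    """Indices of intervals whose count is improbably high under the baseline."""
    return [i for i, k in enumerate(observed) if poisson_tail(k, lam) < alpha]

# Constructed sample data: connections per minute to one service.
BASELINE = [18, 25, 16, 21, 20, 14, 26, 19, 17, 24]
OBSERVED = [19, 23, 27, 45, 21]

if __name__ == "__main__":
    lam, dispersion = fit_baseline(BASELINE)
    print(f"rate={lam:.1f}/min dispersion={dispersion:.2f}")
    for i in flag_anomalies(OBSERVED, lam):
        p = poisson_tail(OBSERVED[i], lam)
        print(f"interval {i}: count={OBSERVED[i]} p={p:.2e}")
```

Checking the dispersion ratio before trusting the threshold matters because bursty traffic is often overdispersed, which is one source of the false alarms the abstract mentions.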