Research on intrusion detection based on network events and deep protocol analysis

2011 
The problems that restrict network intrusion detection systems (NIDS) were investigated. Based on network events and deep protocol analysis, a new model, MIDM, for analyzing and integrating network intrusions was proposed. After extending ABNF to describe network events, a new NIDS was built based on MIDM. Experimental results proved that, compared with current mainstream NIDS, MIDM works effectively with a lower false positive rate and less redundancy in the rule base. When the network stream and rule base are extended quickly, the CPU utilization of the new model grows only slowly, which makes MIDM better suited to high-speed networks. It is also able to detect some unknown attacks and supports rule generalization.