DocumentCode
2988788
Title
A New Intrusion Detection System Based on Protocol Acknowledgement
Author
Wang, Chundong ; Deng, Quancai ; Chang, Qing ; Zhang, Hua ; Wang, Huaibin
Author_Institution
Tianjin Key Lab. of Intell. Comput. & Novel Software Technol., Tianjin Univ. of Technol., Tianjin, China
fYear
2010
fDate
29-31 Oct. 2010
Firstpage
1
Lastpage
4
Abstract
A pattern matching method is used in this paper, and an intrusion detection method based on protocol acknowledgement is proposed. We analyze how to determine the time interval value ΔT and the threshold value N, and the existence of a directly proportional relationship between ΔT and N is proved. The protocol acknowledgement module includes packet filtering and state protocol analysis techniques. Packet filtering technology can filter out the packets that the system does not care about, improving the efficiency of intrusion detection and the security of the system itself; state protocol analysis technology, which captures the data and maps it to a state sequence, accurately characterizes the process and attack steps of the protocol and can effectively detect intrusions carried out by multiple data packets in collaboration. A DDoS attack device is used to simulate the attack in the experiment. Experimental results show that the protocol acknowledgement method can effectively detect attacks similar to the "TCP SYN FLOOD" and "Ping probe" attacks.
Keywords
filtering theory; pattern matching; protocols; security of data; DDoS attack device; data packets collaboration; intrusion detection system; packet filtering; pattern matching; protocol acknowledgement; state protocol analysis; state sequence; system security; threshold value; time interval value; Filtering; Floods; IP networks; Intrusion detection; Probes; Protocols; Servers;
fLanguage
English
Publisher
IEEE
Conference_Titel
Multimedia Technology (ICMT), 2010 International Conference on
Conference_Location
Ningbo
Print_ISBN
978-1-4244-7871-2
Type
conf
DOI
10.1109/ICMULT.2010.5630320
Filename
5630320