Intrusive behavior analysis based on honey pot tracking and ant algorithm analysis

In this paper, a novel intrusion behavior analysis mechanism based on the design of honey pot and the diagnosis of ant colony algorithm has been proposed. In which, there are monitor module, track module, and analysis module developed. The intrusive behavior is then analyzed through the above modules. In the developed honey pot, all of the architecture, database, directory, security parameters are updated dynamically and timely to evade the probe test from the intruders. To record the traverse of an intrusion, the pheromone will be deposited as discovered. In addition, in order to exactly and correctly measure the capability of the intruders, the content of those discovered file, path and database will be updated and the security setting will also be enhanced timely to raise the difficulty of visiting or access again. All of the traverse of intruders and the corresponding behavior will be analyzed based on ant colony algorithm. Experimental results demonstrate that the proposed IDS mechanism possesses good efficiency and performance.