Abstract: This paper gives an introduction to the principle of intrusion detection, explanins what is CIDF and why CIDF is needed. Based on these material, it designs a model for intrusion detection according to CIDF. To give the model high performance, it uses chains in memory to save the information of all events occurred in running time and standardlize data from the these events. In the end, it put forwards some points about expanding SID and some SIDs applied in anomaly detection.

Key words: Intrusion detection, Generalized intrusion objects(GIDO), Common intrusion detection frame(CIDF), Data standardlization

摘要： 在分析入侵检测系统原理及通用入侵检测框架（CIDF）的基础上，按照CIDF的结构要求，设计了基于CIDF的入侵检测系统原型。在系统实现的内部机制上，采用链表的形式保存各类事件的完整信息并按CIDF的要求进行检测数据的标准化，为系统构件共享信息提供高效、准确的保证。结合实践，指出了用语义标识符SID扩充以适应异常检测方面的问题。

关键词: 入侵检测, 通用入侵检测对象, 通用入侵检测框架, 数据标准化

CLC Number: 

• TP393.08