Abstract:
As an important component of the network security system, the IDS has not worked as well as expected in practice. This article analyzes the fundamental problem of current NIDS: they produce too many invalid alerts and know almost nothing about the network environment they operate in. It also presents ways to improve existing NIDS: by passively discovering and analyzing the state of the network, the NIDS can learn about its environment and work in a more targeted and effective way.
Key words:
Network-based intrusion detection system (NIDS),
Intrusion detection,
Passive network discovery,
Data validity
CLC Number:
SUI Yi; DU Yuejin. Research on NIDS Improvement[J]. Computer Engineering, 2007, 33(09): 120-122.