ABSTRACT

As the amount of sensitive information that must be stored and processed over networks increases, security has gradually become the most important issue in networks and systems. As new systems grow more complex, existing defense technology is no longer sufficient; intrusion detection and response is a necessary “firewall” that can ensure the security of networks and systems [1]. Traditional intrusion detection and response is based on past experience and uses manual signatures and encoding. This approach has some flaws:

1. It requires hand-coding for large amounts of data collection, analysis, and model generation.