Intrusion incidents occur frequently on today's networks and make them very insecure, so to strengthen network security, intrusion detection technology must become more intelligent. Misuse detection and anomaly detection are the two main intrusion detection techniques. To further improve the intelligence of misuse detection algorithms and reduce the missed-detection rate, the author, after reviewing existing intrusion detection algorithms and certain intelligent algorithms, proposes a detection algorithm with a degree of intelligence. The idea of the algorithm is as follows: first, a weight is computed for a piece of code to judge whether the program's behavior is malicious or benign, and a decision tree is then used to classify malicious and benign behaviors. If the behavior is malicious, a similarity algorithm is used to compute the similarity of that behavior, and finally the BM algorithm is used to identify the malicious code behavior, thereby detecting the malicious code. The proposed algorithm can, to a certain extent, improve the intelligence of intrusion detection algorithms. Applying the similarity calculation algorithm, the decision tree algorithm and the weight calculation algorithm in an intrusion detection system is the innovation of this paper.