
Research And Design Of Distributed Intrusion Detection System

Posted on: 2008-12-27
Degree: Master
Type: Thesis
Country: China
Candidate: D J Che
GTID: 2178360215981556
Subject: Computer system architecture
Abstract/Summary:
With the development of the Internet, computer network security has received more and more attention. At present the most popular network security solutions are the Intrusion Detection System and the Firewall System, but Intrusion Detection Systems produce a large number of alerts and false positives, and they can only detect passively and cannot defend actively, so they cannot provide comprehensive protection for the network. A brand-new network security architecture is therefore urgently needed to solve these problems.

The author analyses the strengths and weaknesses of many kinds of security defense mechanisms and the development trend of network security, and designs and implements a component-based hierarchical Distributed Intrusion Detection System. It has good performance and can be expanded easily. It combines the Intrusion Detection System and the Firewall, so it can provide comprehensive protection for the network.

This thesis analyses the existing Intrusion Detection System and Firewall System, designs and implements the Distributed Intrusion Detection System, and obtains the following results:

Took part in designing the Distributed Intrusion Detection System, and explains the architecture and functions of the system explicitly.
Researched the implementation mechanism of Snort and mastered how to write Snort rules.
Researched the steps of hackers' attacks and mastered the general means of attack.
Researched and implemented the alert gathering and format unification module.
Implemented the network communication module, using the strategy design pattern to guarantee dynamic expansion of the encryption and decryption module, which effectively solves the security problems of the Intrusion Detection System.
Researched in depth the principle of the alert fusion module and implemented a similarity-based alert fusion algorithm.
Researched in depth and implemented the automatic response module, which is based on a plugin model, and implemented the linkage with the firewall.

Aimed at the security demands of the local area network, this Distributed Intrusion Detection System was used to protect it, and the experiment achieved some good results.
Keywords/Search Tags:network security, intrusion detection, distribute, alert fusion, automatic response