Distributed Network Intrusion Detection System Key Technology Research

Posted on: 2004-12-28 | Degree: Master | Type: Thesis
Country: China | Candidate: S T Guo | Full Text: PDF
GTID: 2208360095460181 | Subject: Signal and Information Processing
Abstract/Summary:
As network vulnerabilities and intrusion behaviors are analyzed more comprehensively, the network-based Intrusion Detection System (IDS) is becoming more and more important in network security. At the same time, this young field faces many challenges: how to increase detection speed to keep up with growing bandwidth, how to reduce false positives and false negatives to improve detection accuracy, and how to achieve interoperation among IDSs and other security products. In response to these challenges, the distributed next-generation IDS is becoming a hot research area, and it is the subject of this paper.

After introducing the relevant background knowledge and analyzing the protocol framework related to IDS, this paper focuses on the following parts:

1. To guarantee low packet loss and to increase the detection ability of the IDS in high-speed networks, an improved data collection engine is designed. A distributed and parallel detection model is then introduced. In this new model, the aim is to further increase the performance of the whole system through co-detection by multiple nodes in the same communication field. Testing results are presented and can serve as a helpful reference for further research.

2. The application of protocol analysis technology in IDS is also discussed. In this part, many protocols are analyzed (from the data link layer to the network layer), and some important data structures are presented to describe the details of this module.

3. Regarding information exchange among IDSs, this paper introduces and analyzes an important protocol, IDMEF (Intrusion Detection Message Exchange Format). It then describes how to support this protocol efficiently in a distributed network IDS using an object-oriented method.
Keywords/Search Tags: Network Security, Intrusion Detection System (IDS), Distributed & Parallel Detection, Protocol Analysis, IDMEF