
Study On P2P Based Distributed Intrusion Detection System Model

Posted on: 2007-05-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B Chen
Full Text: PDF
GTID: 1118360185956736
Subject: Computer application technology

Abstract/Summary:
While the Internet provides opportunities for people, it also gives hackers their chance. Network security has therefore become a public concern and a focus of research. Among the various security measures, intrusion detection is attracting more and more attention from academic researchers, because it may overcome the shortcomings of traditional security technology. There are four challenging topics in this research: intelligent intrusion detection algorithms, large-scale distributed intrusion detection systems (IDS), self-protection of IDS, and IDS over high-speed networks.

The thesis studies and discusses the cutting-edge research systematically and thoroughly, and proposes solutions to the challenging topics above. The research is supported by the Innovation Fund for Small Technology-based Firms under grant No. 03C26215100249 and the Hi-Tech Research and Development Program of China under grant No. 2003AA116060. The main contributions of the thesis are as follows:

1. Presenting a novel peer-to-peer distributed IDS architecture, P²IDSM

P²IDSM employs a multi-agent structure without a control center, which solves some problems of existing IDS such as close coupling of components, fixed structure, and low resilience to intrusion behavior and to the dynamics of networks and hosts. The proposed architecture can be applied on a WAN. The thesis analyzes the distributed communication mechanism and presents a domain-based server connection mechanism for P²IDSM, which addresses the problem of heavy traffic in existing distributed IDS.

2. Presenting a situation-based adaptive load balancing mechanism and a destroy-resistant mechanism for P²IDSM

A load balancing mechanism is proposed for P²IDSM that uses cruising agents to balance the load in the system. Load balancing policies are designed. P²IDSM can rationally and dynamically balance load in a changing environment, and overcomes the low efficiency of existing IDS that results from unbalanced load.

A destroy-resistant mechanism is proposed for P²IDSM, based on a flexible framework of cruising agents, management agents, and watch agents, and on the proposed destroy-resistant protocol. P²IDSM can be rapidly reconstructed when a component, host, or network fails. Adaptive load balancing, destroy-resistant and other features enable...
Keywords/Search Tags:peer-to-peer coordination, trust diffuse field, destroy-resistant, genetic BP, traffic distribution