Intrusion Detection And Security And Defense Co-control Study

Posted on: 2007-08-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W Q Wang
GTID: 1118360212467729
Subject: Computer Science and Technology
Abstract/Summary:
This paper is supported by the National High Technology Development 863 Program of China, No. 2003AA142060 and No. 2001AA142100, on Cooperative Network Security.

Coordinated defense is one of the development directions of network security technology. Accurately analyzing attacks is a key problem, so the paper studies intrusion detection techniques, focusing on decreasing the high false positive rate and the high repetitive alarm rate. Many problems remain to be resolved for intrusion detection systems (IDS) in high-speed network environments, so the paper also studies related techniques for IDS in high-speed networks, as well as related techniques for coordinated control among security systems.

The main work and innovations of the research are as follows.

1. A Determinate Concurrent Transfer Object-Oriented Petri net (DCTOOPN) model is presented, together with its formal description. By defining concurrent transfer rules, DCTOOPN translates non-determinate concurrent transfer into determinate transfer, which can be used to describe intrusion behavior. DCTOOPN also resolves the state explosion problem and the problem of attack model reusability.

2. A Distributed Intrusion Detection System (DIDS) based on DCTOOPN is established. A translation algorithm is proposed, which generates Java code from the DCTOOPN model and is applied in the analysis engine. A Distributed Intrusion Detection System based on mobile agents is then designed. Experiments prove that the system can decrease the false positive rate and the repetitive alarm rate.

3. A dynamic data-distribution architecture for high-speed networks is proposed, which takes advantage of the Linux Ethernet bridging firewall framework. Data distribution at the link layer is proposed, which resolves the loss of intrusion information caused by filtering in the network layers. Considering the characteristics of IDS, a novel distributed algorithm, the Optimum Integrity Dynamic Balance Data-distribution algorithm (OIDBD), is presented, which maintains the connection...
Keywords/Search Tags: intrusion detection, Petri net, object-oriented, dynamic balancing, bridge, firewall, Coordinated-Control, agent, encryption, XML