
Communication Of Components In The Distributed Intrusion Detection System

Posted on: 2004-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: B Wang
Full Text: PDF
GTID: 2168360092493341
Subject: Circuits and Systems
Abstract/Summary:
With the arrival of the information age, network technology is being used more extensively every day in all areas, and people rely on networks more and more. If a network is attacked and its services stop on a large scale, everything from personal daily life to the normal running of government can be affected. Network security concerns not only individual privacy and enterprise interests but also national security. By the end of 2002, the number of online computers in our country had reached 20,830,000, and the total number of users was 59,100,000. Yet worldwide, our country's network security level ranks in the lowest grade, the "fourth order". The only way to change this situation is to strengthen research on network security. We will not achieve complete security until we produce our own network security products.

Intrusion detection is a new security technology. An Intrusion Detection System (IDS) watches computer and network traffic for intrusive and suspicious activity. It detects intrusions not only from hackers on the extranet but also from intranet users. Distributed intrusion detection is a developing direction for IDS, and communication among components is a key problem in a distributed intrusion detection system (DIDS).

In this paper, a mechanism for communication among the components of a distributed intrusion detection system is designed and implemented. It covers the following: authentication of components, encryption, and the description of intrusion messages. CIDF is a standard for intrusion detection systems, and the IDS here is based on CIDF. It is made up of four components: Event Generator, Event Analyzer, Response Unit and Policy Server. The Event Generator collects events. The Event Analyzer processes the events and sends out response instructions. The Response Unit executes the instructions. The Policy Server is not part of the CIDF model. The Policy Server draws on the Kerberos system and provides centralized authentication and key management. Communication among components is encrypted with IDEA (International Data Encryption Algorithm). The encryption prevents intruders from obtaining sensitive messages through eavesdropping. The format of detection information follows CISL (Common Intrusion Specification Language), and the primary API of CISL is implemented in this paper.
Keywords/Search Tags: Network Security, Intrusion Detection, Policy Server, Authentication