| Now computer network technology develops very fast, and the network security settlement scheme based on firewall and intrusion detection systems (IDS) does not prevent from hacker's intrusion. Thus we need a new settlement to maintain acceptable system services when intrusions occur.In this paper, we apply intrusion tolerant technology to IDS and introduce a new IDS based on tolerance (ITIDS). Its objective is to maintain acceptable system service in the case of existing intrusion by using a tolerance mechanism triggered by IDS.ITIDS runs under a state transition model, which represents the system behavior for a specific attack and given system configuration that depends on the actual security requirements. These states include good state, vulnerable state, degradation state and failed state. There are difference security policies according different state.ITIDS is only in charge of detecting the system state, regardless of the source of attacks. Then it sets corresponding system state by judging the information of system services, and carries out corresponding security policy.It is worst case, that a server probably fails to provide system service. Yet we guarantee that other servers go on providing the regular service for the clients.The main embodiment of the contribution of this dissertation is living below several respects:(4) Introduce a new IDS based on intrusion tolerant technology.(5) Achieving the linkage between IDS and the cluster.(6) Improve the pattern matching algorithm, speed up examination velocity.
|
PDF Full Text Request