
Alerts Management In Distributed Cooperative Intrusion Detection System

Posted on: 2004-06-09
Degree: Master
Type: Thesis
Country: China
Candidate: S Yang
Full Text: PDF
GTID: 2168360095456161
Subject: Computer application technology

Abstract/Summary:
Due to the rapid growth of networked computer resources and the increasing importance of the applications that depend on them, intrusion activities, which threaten the infrastructure of these applications, have become one of the critical problems to be resolved. Intrusion detection is a newer security technique that complements traditional protective technologies such as firewalls and data encryption. Intrusion detection systems (IDSs) monitor hosts and network traffic for intrusive and suspicious activities; they detect not only intrusions by external attackers but also unauthorized access by internal users.

With the wide adoption of distributed computing environments, the distributed intrusion detection system has become the focus of intrusion detection research. In this thesis, we study the management of alerts in an environment with multiple intrusion detection systems, which is one of the critical problems in distributed intrusion detection.

We first describe the standardization of IDSs, including the CIDF presented by DARPA and the series of drafts presented by the IDWG. After reviewing the state of intrusion detection research, and with the structure of our system in mind, we present the architecture of a distributed cooperative intrusion detection system. We then develop a cooperation model to analyze alerts and to generate more global, synthetic alerts. We specify the details of the model's four functional components: alert database management, alert clustering, alert merging and alert correlation. The alert management component stores alerts in a relational database. The approach is compliant with the IDMEF format currently being defined at the IETF.
Keywords/Search Tags:Intrusion Detection System, IDMEF, cooperative intrusion detection