| With more and more site intruded by hackers, security expert found than only use crypt technology to build a security system is not enough. The Intrusion Detection is a new security technology, apart from tradition security protect technology, such as firewall and data crypt. IDSs watch the computer and network traffic for intrusive and suspicious activities. they not only detect the intrusion from the Extranet hacker, but also the intranet users.As the Gigabit (1000Mbps) Ethernet has become the de facto standard for large-scale networks, the current network intrusion system that is based on network cannot meet the requirement of processor and memory. We can predict that Gigabit IDS can't satisfy the requirement of the user. In this case ,we propose a data distribution method that will divide the whole traffics volume into several smaller streams for detection. In this method ,we use five elements to solve this problem. Such that the performance of the whole IDS system can increase significantly.This article researches in the question of based static rule set IDS's high rate of false negatives and false positives in the high-speed web environment, unbalanced performance, provides the concept of analytic intensity and favorite rule set, builds a model of dynamic rule set. It could dynamically regulate the rule set order according to the match , in order to improve integrated performance of IDS. At last this article give the realization by using netfilter and net bridge. We also give the realization in application layer. Finally, we do experiments to compare these three methods.
|
PDF Full Text Request