The Design And Implement Of A Distributed Intrusion Detection System

Posted on: 2005-11-26
Degree: Master
Type: Thesis
Country: China
Candidate: S Q Wang
Full Text: PDF
GTID: 2168360122998794
Subject: Computer applications
Abstract/Summary:
Today, the wide application of the Internet greatly facilitates people's work and daily life, but the security threats facing the network interfere with normal life. In the past, security defense relied mainly on firewall technology, but the firewall has a limitation: it cannot find attacks that come from the local network. Intrusion detection therefore forms another security gate behind the firewall.

This paper designs a component-based distributed intrusion detection system. The system is made up of the data collector, the memory system, the daily record set, the control system, the analysis engine, the communication component and the response system. The design follows a modular philosophy: each functional component can run independently, work in coordination with the others and exchange information with them. The components are managed in a unified way by the control system, which lets every part of the system give full play to its own functions. This not only simplifies data interchange among the components, but also makes it easy to distribute the components across different computers.

The system separates the data collector from the analysis engine, so the analysis engine can concentrate on analyzing the characteristics of intrusion behavior. The data collector performs preliminary filtering of network packets, then passes the formatted events directly to the upper component. This makes the analysis and decision-making of the upper component completely transparent to the lower layer. The data collector can check and reassemble fragmented datagrams, so it easily finds attacks that make use of reassembled datagrams, which improves the speed of detection. By adopting a temporary storehouse and a permanent storehouse, the memory system uses the limited disk space more effectively. The regular storehouse is organized as a chain structure, so it is more efficient and convenient to query. The daily record set records sensitive incident information and makes intrusion information convenient to query and analyze. The control system adopts a main/second form, which prevents the whole system from being paralyzed if the control system is damaged. Using configuration files organized as a tree, the control system manages and configures each part of the system. The analysis engine combines protocol analysis with mode matching and uses an improved matching algorithm, which improves the speed of detection. Using a specific communication structure, the communication component can exchange information with other IDSs.

This paper is made up of the following parts: (1) chapter one introduces current network security technology and common attack methods; (2) chapter two briefly describes current intrusion detection techniques and IDS standardization work; (3) chapter three describes the overall design of the system; (4) chapter four describes in detail the design and implementation of each part that makes up the system.
Keywords/Search Tags:intrusion detection system, mode matching, anomaly detection, misuse detection