Campus Network Safe Model Design Based On Intrusion Detection System

Posted on: 2005-01-02
Degree: Master
Type: Thesis
Country: China
Candidate: H Zheng
Full Text: PDF
GTID: 2168360125950807
Subject: Computer application technology

Abstract/Summary:
In the mid-1970s, people began systematic research on constructing multilevel secure systems. The first work to become widely known, in the early 1980s, was a technical report titled Computer Security Threat Monitoring and Surveillance, written by James P. Anderson, which described the concept of intrusion detection in detail. After that, Dorothy Denning's IDES model came into being. It was one of the most important achievements in early IDS research. At the end of the 1980s, some other systems were developed that combined statistical theory with expert systems.

The watershed in the history of intrusion detection systems came in 1990. In that year L. T. Heberlein, working at a university, developed NSM (The Network System Monitor). NSM is another milestone in the history of intrusion detection systems, following IDES. From then on the history of intrusion detection turned a new page, and network-based and host-based intrusion detection systems took shape. Soon afterwards DIDS (distributed intrusion detection system) was studied, which combined host-based and network-based detection methods. DIDS was a milestone product in the history of distributed intrusion detection systems. From then on, intrusion detection systems entered a stable stage of development.

An intrusion detection system, abbreviated IDS, gathers information from many key points in a computer network system, analyzes this information, and checks whether there are actions that violate the security policy or signs of attack in the network. Intrusion detection is defined as identifying malicious intent and activity directed against computer or network resources and responding to it. An IDS can detect intrusions or activity directed against a system by a person or a program, and it can also watch for misuse of system resources by authorized users. Intrusion detection systems are divided into network-based and host-based.

A host-based intrusion detection system monitors the system, event and security logs under Windows NT. If these files change, the IDS compares the new log entries with attack signatures to check whether they match. If they match, the system alerts the administrator and reports to other targets. A network-based intrusion detection system uses raw network packets as its data source. It usually uses a network adapter running in promiscuous mode to monitor and analyze all traffic passing through the network.

At present there is no unified standard for IDS and interoperability between systems is very poor, so vendors exchange information according to CIDF (Common Intrusion Detection Framework). CIDF sets out a common model of an IDS. It divides an intrusion detection system into the following components: (1) Event generators; (2) Event analyzers; (3) Response units; (4) Event databases.

The idea behind distributed intrusion detection is to classify the different detection environments and to apply different detection methods and technologies to each of them. It uses many detection components, each using a different detection method, which work in coordination to accomplish the detection task. This draws on the strengths of all kinds of detection methods and raises detection efficiency and accuracy. The components of a distributed intrusion detection system are distributed across the network nodes. The information gathered by the components is simplified and delivered to a central location, where network events and the relations between them are analyzed.

A distributed intrusion detection system has three levels: boundary sensors, charged sensors and the central controller. Boundary sensors detect security events in the network, respond to attacks and report to a charged sensor. They are distributed at the network boundary and are divided into groups according to the scale of the network. Each group has a charged node, called the charged sensor, which collects the data coming from the boundary sensors, simplifies it through a local filter and delivers it to the central controller. The central controller...
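The three-level flow described above (boundary sensors, charged sensors, central controller), as an added Python example that is not taken from the thesis. The signatures, event lines, addresses, the `min_count` local filter and the cross-group correlation rule are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed signatures: name -> substring that marks a matching event.
SIGNATURES = {"port-scan": "SYN to closed port", "brute-force": "failed login"}

# Constructed event lines ("<source> <message>"), per group and boundary sensor.
GROUPS = {
    "A": {"b1": ["192.0.2.10 SYN to closed port 23", "192.0.2.10 SYN to closed port 25"],
          "b2": ["198.51.100.7 failed login for root"]},
    "B": {"b3": ["192.0.2.10 SYN to closed port 80", "192.0.2.10 SYN to closed port 443",
                 "203.0.113.5 GET /index.html"]},
}

def boundary_sensor(sensor_id, lines):
    """Boundary sensor: compare each new event with the signatures, emit alerts."""
    alerts = []
    for line in lines:
        src, _, msg = line.partition(" ")
        for name, pattern in SIGNATURES.items():
            if pattern in msg:
                alerts.append({"sensor": sensor_id, "src": src, "sig": name})
    return alerts

def charged_sensor(group_id, alerts, min_count=2):
    """Charged sensor: local filter that collapses repeated alerts into one
    summary per (source, signature) and drops those seen fewer than min_count times."""
    counts = Counter((a["src"], a["sig"]) for a in alerts)
    return [{"group": group_id, "src": src, "sig": sig, "count": n}
            for (src, sig), n in sorted(counts.items()) if n >= min_count]

def central_controller(summaries):
    """Central controller: relate summaries across groups. Assumed rule: a
    (source, signature) pair reported by more than one group is network-wide."""
    seen = defaultdict(set)
    for s in summaries:
        seen[(s["src"], s["sig"])].add(s["group"])
    return sorted(key for key, groups in seen.items() if len(groups) > 1)

def run(groups=GROUPS):
    """Push the constructed events through all three levels."""
    summaries = []
    for group_id, sensors in groups.items():
        alerts = [a for sid, lines in sensors.items() for a in boundary_sensor(sid, lines)]
        summaries += charged_sensor(group_id, alerts)
    return summaries, central_controller(summaries)

if __name__ == "__main__":
    print(run())
```

The single failed login in group A is dropped by the local filter, so only the scan seen in both groups reaches the central correlation step.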
Keywords/Search Tags: Intrusion