
Research Of Distributed Intrusion Detection Systems

Posted on: 2005-01-07
Degree: Master
Type: Thesis
Country: China
Candidate: X X Li
Full Text: PDF
GTID: 2168360125957519
Subject: Computer application technology
Abstract/Summary:
With the development of the Internet, network services such as e-banking and e-commerce are becoming part of everyday life. But because of shortcomings in the design of the Internet, network attacks that intrude into our systems or obtain our information are increasing. People have realized the importance of network security.

Intrusion detection is a new security technology, distinct from traditional security technologies such as firewalls and data encryption. Intrusion Detection Systems (IDSs) watch computers and network traffic for intrusive and suspicious activity.

One of the research emphases of intrusion detection is how to analyze the received data in order to build an effective, adaptable and extensible intrusion detection model. In this thesis, based on research into the Common Intrusion Detection Framework (CIDF) and the implementation strategies of intrusion detection systems, we design a component-oriented intrusion detection system with good distribution and scalability. Firstly, we construct the overall structure of the system, which is made up of packet capture, protocol analysis, rule generation, real-time detection, an event base and a rule base. Of these, packet capture, protocol analysis and real-time detection form the Intrusion Detection Agent (IDA), which supports distributed deployment, so the system is a true distributed intrusion detection system. Secondly, we develop an efficient network data capture system and a protocol analysis algorithm, which meet the requirements of reducing the packet loss rate, forwarding packets in real time, and monitoring bursty or high-volume network traffic.

This thesis is divided into six chapters altogether. Chapter one, the introduction, mainly presents the background against which the subject of the thesis was put forward. Chapter two, on intrusion detection techniques and their development, introduces the system structure, analysis methods and development of intrusion detection systems in detail; it also points out the problems of other current detection systems and presents the advantages of a system that supports distributed detection. Chapter three introduces the fundamentals of the protocols, common attack methods and principles, and the norms and standards of intrusion detection systems. Chapter four mainly introduces the functions and performance of the system and its basic structure. Chapter five introduces the detailed design and usage of each functional module of the system, focusing on the data capture system and the protocol analysis system. Finally, the thesis points out the deficiencies of the existing design and the direction of future work.
Keywords/Search Tags: Intrusion Detection, Distributed Intrusion Detection, CIDF