
A Study Of A Distributed Intrusion Detection Model

Posted on: 2006-12-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
Full Text: PDF
GTID: 2168360152490191
Subject: Computer application technology

Abstract/Summary:
The rapid development of computer networks offers great convenience for resource sharing and information exchange. Because of the openness and shared nature of computer networks, their security is of growing concern. With the increase in attack techniques against computer networks and in network crime, great economic and other losses have occurred in every walk of life.

As an active measure of Information Assurance, Intrusion Detection is an effective complement to traditional protection techniques. A dynamic security scheme comprising policy, protection, detection and response can greatly improve the assurance capability of information systems and reduce the extent of security threats.

With the development of computer and network technologies, the wide adoption of distributed computing environments and the popularization of broadband transmission, traditional centralized intrusion detection systems based on a stand-alone computer are unable to meet security requirements. As a result, Distributed Intrusion Detection (DID) has become the focus of Intrusion Detection and of the whole realm of Network Security. In this thesis, we study several critical problems in Distributed Intrusion Detection.

After introducing the status quo of research on Intrusion Detection, we examine Distributed Intrusion Detection Systems in depth, including their functions, rationales, structures, pros and cons, and some representative prototypes. After that, we discuss the advantages and difficulties of DIDS.

Considering the detection structure of our system, we classify existing Distributed Intrusion Detection Systems in a tree-like taxonomy by data source and by the working of the analysis engine. Afterward, we classify intrusions as external or internal by data source. On the basis of the above discussion, an agent-based distributed intrusion detection model is proposed.

It is distributed, intelligent and maintainable; it not only resolves the problems of scalability and a single point of failure effectively, but also enhances the whole system's detection efficiency and greatly reduces response time. After that, we introduce the Information Abstraction Level to characterize the logical abstraction hierarchy of audit data in the process of Intrusion Detection.

We combine Misuse Detection with Anomaly Detection in our system. This increases detection efficiency and decreases the number of False Negatives and False Positives. After that, we apply Data Mining and Data Fusion techniques to abstract information from new intrusions into new knowledge.

We describe the principles and technology of our distributed intrusion detection system in detail. Then we describe several experiments conducted to test the detection and response ability of our system. The experimental results show that our system can detect these attacks accurately and take instant countermeasures to block intrusive connections.
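The hybrid detection and fusion approach summarised above, as an added example that is not the thesis's own code: each host agent runs a misuse (signature) engine and an anomaly (rate-against-baseline) engine over its own audit log and forwards alerts to a central coordinator, which fuses them per source address across hosts and engines before choosing a response. An isolated anomaly on one host is only watched, while activity corroborated by a second engine or a second host is escalated to a block, which is how the combination reduces both false positives and false negatives. The log lines, signatures, baseline rate and scoring threshold are constructed for the demonstration and are assumptions, not values from the thesis.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed misuse signatures: (name, regex over the log message).
SIGNATURES = [
    ("path_traversal", re.compile(r"\.\./")),
    ("failed_login", re.compile(r"authentication failure")),
]

# Constructed sample audit logs, one list per host agent.
# Line format assumed here: "<epoch> <src_ip> <message>".
HOST_LOGS = {
    "web01": [
        "1000 10.0.0.5 GET /index.html",
        "1001 10.0.0.5 GET /about.html",
        "1002 198.51.100.7 GET /../../etc/passwd",
        "1003 10.0.0.9 GET /index.html",
        "1004 10.0.0.9 GET /news.html",
        "1005 10.0.0.9 GET /about.html",
        "1006 10.0.0.9 GET /contact.html",
    ],
    "ssh01": [
        "1000 10.0.0.5 sshd: session opened for user alice",
        "1001 198.51.100.7 sshd: authentication failure for root",
        "1002 198.51.100.7 sshd: authentication failure for root",
        "1003 198.51.100.7 sshd: authentication failure for root",
        "1004 198.51.100.7 sshd: authentication failure for admin",
    ],
}

LINE_RE = re.compile(r"^(\d+) (\S+) (.*)$")


@dataclass(frozen=True)
class Alert:
    host: str
    src_ip: str
    engine: str  # "misuse" or "anomaly"
    reason: str


def parse_line(line):
    """Return (timestamp, src_ip, message), or None for a malformed line."""
    m = LINE_RE.match(line)
    return (int(m.group(1)), m.group(2), m.group(3)) if m else None


def misuse_engine(host, events):
    """Signature matching: one alert per (source, signature) that fires."""
    hits = {(src, name) for _, src, msg in events
            for name, rx in SIGNATURES if rx.search(msg)}
    return [Alert(host, src, "misuse", name) for src, name in sorted(hits)]


def anomaly_engine(host, events, baseline=1.0, factor=3.0):
    """Flag a source whose event count exceeds factor * baseline.
    `baseline` stands in for a per-host profile learned offline (assumed)."""
    counts = Counter(src for _, src, _ in events)
    limit = factor * baseline
    return [Alert(host, src, "anomaly", f"{n} events > {limit:g}")
            for src, n in sorted(counts.items()) if n > limit]


def host_agent(host, lines):
    """A host-level agent runs both engines over its own audit log."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return misuse_engine(host, events) + anomaly_engine(host, events)


def coordinator(alerts, block_score=3):
    """Central data fusion: corroborate alerts per source across hosts and
    engines. score = number of hosts reporting + number of engines fired.
    One engine on one host scores 2 and is only watched; anything
    corroborated reaches block_score and is escalated to a block."""
    fused = defaultdict(lambda: {"hosts": set(), "engines": set(), "reasons": set()})
    for a in alerts:
        rec = fused[a.src_ip]
        rec["hosts"].add(a.host)
        rec["engines"].add(a.engine)
        rec["reasons"].add(f"{a.host}:{a.reason}")
    for rec in fused.values():
        rec["score"] = len(rec["hosts"]) + len(rec["engines"])
        rec["action"] = "block" if rec["score"] >= block_score else "watch"
    return dict(fused)


def run_demo(host_logs=HOST_LOGS):
    """Run every agent, then fuse their alerts centrally."""
    alerts = [a for host, lines in host_logs.items() for a in host_agent(host, lines)]
    return coordinator(alerts)


if __name__ == "__main__":
    for src, rec in run_demo().items():
        print(f"{src:14} {rec['action']:5} score={rec['score']} "
              f"hosts={sorted(rec['hosts'])} engines={sorted(rec['engines'])}")
```

On the constructed logs, 198.51.100.7 is seen by both hosts and trips both engines (score 4, blocked), 10.0.0.9 trips only the anomaly engine on one host (score 2, watched), and 10.0.0.5 raises nothing. The anomaly baseline is a fixed constant here only to keep the example self-contained; a deployment would learn it per host from audit data, which is the role the thesis assigns to data mining.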
Keywords/Search Tags:Distributed Intrusion Detection, Data Mining, Agent, Intrusion Response