
Research On And Implementation Of Distributed Intrusion Detection System Based Layered Structures

Posted on: 2005-02-17
Degree: Master
Type: Thesis
Country: China
Candidate: Q Tan
GTID: 2168360152490539
Subject: Computer Science and Technology
Abstract/Summary:
With the development and popularization of computer networks, people enjoy the conveniences of the network while paying more and more attention to the security of the network itself. Intrusion detection, known as the second line of defense in network security, has become a necessary part of a network security system: it can actively identify intrusions and respond according to a defined policy, which effectively makes up for the limitations of traditional defensive techniques.

Building on research into distributed intrusion detection systems and taking the application background into account, we propose an intrusion detection architecture called Based Layered Structures Distributed Intrusion Detection System (BaLaSDIDS). BaLaSDIDS is made up of layered structures, each of which can carry out a certain amount of detection and response independently. Moreover, by analyzing the information that its low-level structures report, a high-level structure can detect attacks that act over a larger range and are more complicated. The design and implementation of a prototype system are also aims of this paper.

In addition, some important problems concerning the implementation of the system are discussed. A new communication mechanism, part-received, is introduced to better address the limitations of both centralized and decentralized distributed systems. In light of the shortcomings of the BM algorithm, we put forward a new, effective pattern matching algorithm and extend it to multi-pattern matching. This algorithm is parallel, meaning that it completes the matching search for all the patterns in a single search, so detection is faster and more effective. After discussing the design and construction of the intrusion signature rule set, we implement a method of extracting intrusion signature rules that classifies data streams using data mining techniques.

Finally, we introduce the implementation techniques of BaLaSDIDS and point out directions for further research at the end of the paper. The architecture of BaLaSDIDS was designed with the application background in mind, but its ideas on hierarchy, communication and collaboration mechanisms can serve as references for designing distributed systems. Furthermore, the pattern matching algorithm and the method of extracting intrusion signature rules are also advantageous in their respective applications. The experiments show that BaLaSDIDS can detect, process and respond to intrusions in a distributed and intelligent manner.
Keywords/Search Tags:distributed intrusion detection system, layered structure, architecture, pattern matching algorithm, data mining