
The Design And Implementation Of Event Analyzer Of Distributed Network Intrusion Detection System

Posted on: 2005-09-03
Degree: Master
Type: Thesis
Country: China
Candidate: S C Xiao
Full Text: PDF
GTID: 2168360152969223
Subject: Computer application technology

Abstract/Summary:
An IDS (Intrusion Detection System) collects data from hosts or the network and analyses it for intrusive and suspicious activity. As a newer network security technology, IDS complements protection measures such as firewalls by supplying real-time intrusion detection. Attacks are not only developing in a distributed direction (e.g. DDoS) but also adopting new data processing techniques, which increase both their destructiveness and their concealment. Correspondingly, IDS has also moved to distributed architectures.

AD-NIDS, a new agent-based distributed network intrusion detection system, is constructed with reference to CIDF (Common Intrusion Detection Framework). It divides the functions of an IDS into relatively independent parts: Detector Agent, Central Analyzer, Response Agent, Storage Agent and Control Center. The Event Analyzer is the kernel component in CIDF; in AD-NIDS it is composed of the Detector Agent and the Central Analyzer. AD-NIDS is distributed and scalable and is convenient for system administrators.

In AD-NIDS, an intrusion rule is made up of two parts: the rule header and the rule option. The Detector Agent combines network protocol analysis with pattern matching, so the search scope is reduced and detection speed is improved. To detect distributed attacks such as IP spoofing, a collaborative detection component, the Central Analyzer, is introduced; its input is the suspicious results produced by the Detector Agents' analysis. Because the system would be paralysed if a single Central Analyzer halted, several idle Central Analyzers are added to the system; when the active Central Analyzer stops working, they compete to become coordinator through an election algorithm. Thus the robustness of the entire system is enhanced.
Keywords/Search Tags:Intrusion Detection, Distributed Agent, Protocol Analysis, Pattern Match, Election Algorithm
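As an added illustration (not code from the thesis) of the rule header / rule option split described in the abstract, and of why evaluating the header (protocol analysis) before the option (pattern match) shrinks the search scope: only rules whose header matches ever have their content pattern searched against the payload. The rules, signatures and packet below are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp", as decoded by the protocol-analysis stage
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Rule:
    # Rule header: protocol and port filter, evaluated before any payload search.
    proto: str
    dport: Optional[int]        # None means "any destination port"
    # Rule option: byte pattern searched only when the header already matched.
    content: bytes
    msg: str


def header_matches(rule: Rule, pkt: Packet) -> bool:
    """Protocol-analysis stage: cheap field comparisons, no payload scan."""
    return rule.proto == pkt.proto and (rule.dport is None or rule.dport == pkt.dport)


def detect(rules: List[Rule], pkt: Packet) -> Tuple[List[str], int]:
    """Return (alert messages, number of rules whose payload was actually scanned)."""
    alerts, scanned = [], 0
    for rule in rules:
        if not header_matches(rule, pkt):
            continue                      # pruned by the header: no pattern search
        scanned += 1
        if rule.content in pkt.payload:   # pattern-match stage on the rule option
            alerts.append(rule.msg)
    return alerts, scanned


# Constructed rule set (hypothetical signatures, not the thesis's own rules).
RULES = [
    Rule("tcp", 80, b"/etc/passwd", "WEB path traversal toward /etc/passwd"),
    Rule("tcp", 21, b"USER anonymous", "FTP anonymous login attempt"),
    Rule("udp", 53, b"version.bind", "DNS version probe"),
    Rule("tcp", None, b"cmd.exe", "cmd.exe string on any TCP port"),
]

# Constructed sample packet: an HTTP request carrying a traversal string.
SAMPLE_PACKET = Packet("tcp", "10.0.0.5", 40211, "10.0.0.80", 80,
                       b"GET /../../etc/passwd HTTP/1.0\r\n\r\n")

if __name__ == "__main__":
    alerts, scanned = detect(RULES, SAMPLE_PACKET)
    print(f"scanned {scanned} of {len(RULES)} rule payloads, alerts: {alerts}")
```

Only two of the four rules reach the pattern-match stage for the sample packet; the FTP and DNS rules are discarded by their headers without any payload search.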