The Design Of An Intrusion Detection System Based On Proactive Intrusion-tolerant Technology

Posted on: 2006-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: H B Zhang
Full Text: PDF
GTID: 2168360152971500
Subject: Computer system architecture

Abstract/Summary:
A secure Intrusion Detection System (IDS) is important to ensuring the survivability of a system; one aspect of survivability is offering continued services in the event of malicious attacks. Because an intruder may target the IDS first in order to facilitate further malicious activities, it is also important that any IDS employed by the survivability mechanism be survivable itself.

This paper identifies vulnerabilities of a generic IDS by using Attack Trees and an Attack Pattern Language, and argues that protection of the IDS itself must be dealt with before it can be relied upon to provide the security that is expected. Some solution techniques and implementation strategies have been developed to protect IDS, but after analyzing current methods we find that they cannot completely prevent intrusion into and damage to the IDS, because they can only prevent the IDS from failing. If the IDS has already been made to fail by an attacker, current methods can do nothing about it. We therefore need a new solution that maintains acceptable intrusion detection services when intrusions against the IDS occur.

Focusing on the security weaknesses of the IDS and the lack of solutions to them, we propose a plan based on proactive intrusion-tolerant technology to protect the IDS. The core of the plan is the proactive technology, which compares the subsystems' statuses when intrusion alarms arrive and also checks the statuses periodically; it provides intrusion-tolerant capability to the whole system. Gap technology is used to protect the key component of the plan, the voter, while normal communication is still guaranteed, because corruption of the voter would make the whole system lose its intrusion-tolerant capability and the attacker would then destroy the subsystems one by one. Mandatory access control technology is also used to protect the subsystems. By using all of these we can ensure the security of the whole system.

Finally, we implemented a simulation system and evaluated the IDS with proactive intrusion-tolerant technology, demonstrating its advantages in protecting the IDS from intruders; the results show that proactive intrusion-tolerant technology can indeed protect our IDS. We also discuss and analyze the performance of the system and how to set the key parameter.
Keywords/Search Tags: Intrusion detection, Intrusion-tolerant, Proactive, Gap Technology