
Research And Implementation Of Distributed Network Intrusion Detection System

Posted on: 2006-10-28
Degree: Master
Type: Thesis
Country: China
Candidate: L Zou
Full Text: PDF
GTID: 2168360155453030
Subject: Computer application technology
Abstract/Summary:
Because network security defense systems, including traditional firewalls, identity authentication and encryption techniques, have flaws and shortcomings of their own, intrusion detection technology has become a new hotspot in the network security area. In contrast with passive defense, intrusion detection can actively trace, in real time, intrusions that cause damage and respond immediately. It is especially useful in defending against insider attacks and forms a line of defense behind the firewall. The survey shows that with the development and extensive application of the Internet, intrusion detection technology has great potential. However, the current situation is that people lack understanding of intrusion detection, and intrusion detection technology is not as mature as firewall technology. Thus, further research into intrusion detection is important.

This paper first introduces the current network security situation, the concepts concerning intrusion detection, its development history and the common intrusion detection model. Intrusion detection systems are classified by data source into host-based and network-based ones; by detection algorithm into anomaly-based and misuse-based ones; and by architecture into monolithic and distributed ones. Their advantages and disadvantages are analyzed. To address these problems, the paper proposes a misuse-based distributed intrusion detection system model on the Linux platform, implemented in the C language. The components of the distributed intrusion detection system and a means of communication between them are designed and implemented in detail. A test of the distributed intrusion detection system using attack cases is performed. The results show that the system is correctly designed and high-performance. The high performance lies in the fact that the tasks and functions of the different levels are independent, which helps allocate functions, management and the interaction of internal information.

When it is necessary to add, delete or update a sensor, analyzer or alert collector, we only need to operate accordingly, which makes the system extensible. If a sensor or analyzer is faulty, this only causes a decrease in detection accuracy and does not affect the others, which makes the system robust. But the system has some shortcomings. Since intrusion detection...
Keywords/Search Tags: Implementation