
The Design And Realization Of Distributed Network Intrusion Detection System

Posted on: 2006-08-21
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Chen
GTID: 2168360155453060
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, Internet technology is now widely applied in fields such as finance, business, politics and military affairs. People use the Internet more and more in work, study and daily life; society as a whole has boarded the express train of the Internet and bears its mark. The Internet has changed from a network for professionals into one used by people in almost every trade. This brings great convenience in the use of information and the sharing of resources. However, the benefits and drawbacks that any development brings seem to be a contradiction that can never be reconciled. While the Internet brings convenience, its openness and sharing also pose a serious challenge to information security. Operating systems, application software and hardware inevitably contain security vulnerabilities, and the design of the network protocols themselves also has security problems, all of which give attackers the opportunity to intrude into systems by unusual means.

The firewall is the most commonly used technique against network intrusion. It is a combination of components placed between different networks (such as an enterprise's trusted internal network and untrusted public networks) or between network security zones. It is a passive defensive tool, so using a firewall alone is not enough. First, an intruder can find the firewall's limitations and bypass it to carry out an attack. Second, the firewall is powerless against attacks that come from inside. Intrusion detection emerged to meet this need. It is an important part of the P2DR dynamic security model and is regarded as the second security gate after the firewall; it can defend the network without affecting the functioning of the network, and so provides timely protection against internal attacks, external attacks and misoperation.

With the rapid development of computer and network technology, the wide adoption of distributed computing environments, mass storage and the spread of high-bandwidth transmission, traditional intrusion detection systems based on a single computer no longer satisfy security needs. Attackers' techniques develop quickly, especially with the emergence of DDoS (Distributed Denial of Service), which has made DID (Distributed Intrusion Detection) an important research topic in intrusion detection and in network security as a whole. This thesis mainly studies the key problems of DID for large-scale networks.

First, this thesis analyzes the current state of network security and the series of security problems it faces, then points out the limitations of the firewall. We explain the importance of intrusion detection systems in protecting information systems and computer networks, and then set out the work to be completed in this thesis: the study of a distributed intrusion detection system for large-scale networks, together with the aim and significance of that study. Next we study the concept, principles and technical classification of intrusion, and introduce the background against which the concept of intrusion detection was proposed, the workflow of an IDS, and some directions for further development. We then introduce the background and advantages of distributed intrusion detection, based on an analysis of distributed denial of service, and analyze its advantages compared with traditional IDS. After that we introduce the system architectures and specific technologies used to build distributed intrusion detection systems at home and abroad, grouped into module-based and agent-based methods, including some experimental prototypes and some mature standards.

For system analysis and design, this thesis puts forward a hierarchical, cooperative, hybrid distributed intrusion detection system model. The model divides the protected network into several security areas and is composed of sensor agents, monitor agents and countermeasure agents. The division of functions among the components follows the CIDF model, and we do our best to make the function of each module complete and independent. This model embodies the feature of distributed...
Keywords/Search Tags: Network Security, Computer network, Distributed Intrusion Detection, Data fusion arithmetic, Pattern Match, Intrusion Detection