Application Research On Intrusion Tolerance Technology In The Intrusion Detection Framework

Posted on: 2011-08-27
Degree: Master
Type: Thesis
Country: China
Candidate: G F Gao
GTID: 2178330332471036
Subject: Computer application technology
Abstract/Summary:
With the development of information technology and network applications, the network security situation is increasingly grim. At the same time, the concept of network security continues to deepen and expand. How to effectively protect important data and enhance the security of computer network systems is an important issue that must be addressed.

As the core of third-generation network security technology, intrusion tolerance aims to ensure that critical functions continue to run and critical systems continue to provide services when errors or intrusions occur, so that the security and operability of the system can be guaranteed with a measurable probability.

First, this paper describes and discusses in detail intrusion detection technology, the Common Intrusion Detection Framework and intrusion tolerance technology, and summarizes the concepts and research achievements of these technologies. On this basis, by adding an intrusion tolerance unit and a control center to the Common Intrusion Detection Framework, the paper proposes an improved intrusion detection system model based on intrusion tolerance technology, which gives the intrusion detection system model an intrusion tolerance function. The intrusion tolerance unit is controlled by a running monitor and supported by the state transition algorithm and the process migration algorithm. The protected network system is divided into ten security states, and each state corresponds to a different security policy, giving the system the ability to recover and reconstruct itself; that is, the attacked system can still provide services.

When the system is subjected to an intense attack and the state transfer algorithm cannot run, the invaded system begins process migration: the migrating processes are suspended on the source node, and the information needed for process reconstruction is sent to the destination node. On the destination node, the processes resume from the checkpoint, which allows the system to resume normal function.

Finally, this paper builds a test platform, implements the model in code, and carries out simulation and performance analysis of the improved intrusion detection system model based on intrusion tolerance technology. Two typical attacks, DoS and PROBE, are selected for the experiments. The experimental results show that the system has a certain ability of intrusion tolerance and can effectively detect and defend against common attack types.
Keywords/Search Tags: intrusion tolerance, intrusion detection, common intrusion detection framework, state transfer, process migration