Research Of Hierarchical Distributed Intrusion Detection System

Network security is a dynamic and holistic system, but traditional security model is a static and isolated one. Firewall, intrusion detection, virus protection and other security tools have their own defects. Moreover, linkage formation is lacking in Network Intrusion Defense. That means these security tools can not be a timely and effective manner to protect the security of the host. Therefore this paper designs a network security model-Hierarchical Distributed Intrusion Detection System, In the ministries started a more detailed discussion, and gives a specific method.First of all, this paper analyses the Distributed Intrusion Detection System, and sorts out its advantages and disadvantages. Meanwhile, paper also points out that the Hierarchical Distributed Intrusion Detection is an important trend of the Network Intrusion Detection research. And then, in the third chapter, this paper illustrates the structure of the Hierarchical Distributed Intrusion Detection System. Second, paper analyses the three levels of network defense thoroughly, that is Firewall and Intrusion Detection Module linkage technology and its implementation, the internal hosts and the internal subnet. and this analysis is based on the realization of dynamic firewall technology, the optimized pattern matching algorithms, as well as peer-to-peer network-based design for Distributed Intrusion Detection System. In order to test the feasibility and effectiveness of paper-based Linux environment, the use of Snort intrusion detection system software to build a distributed test platform, given a firewall, IDS, etc. related to the host and server configuration, carried out mock attack detection experiment, the test results are analyzed.Based on the key parts of the network intrusion prevention research, Construction of a Hierarchical Distributed Intrusion Detection System, The system allows the firewall rule set in the system can be dynamically updated automatically; the efficiency of host-based intrusion detection is improved; the single point failure and the efficiency bottleneck of traditional intrusion detection system has been optimized accordingly. After experimental verification shows that the system can improve Intrusion Detection System effective for enterprises to improve network intrusion detection system provides a feasibility plan.