| With the increasing need for Internet, network security has gradually become important for Internet and further development of network services and applications. As an active defensive network technique, IDS has been an important component of network security system. But facing complex network environment, existing intrusion detection system exposes many deficiencies.Aiming at low rate of detecting complex attract existing in NIDS, this paper proves advantages of using stateful intrusion detection techniques to detect multi-step attracts. Now IDS is facing a challenge from high-speed network. As network become faster, there is an emerging need for security analysis techniques that can keep up with the increased network throughput. Existing network-based intrusion detection sensors can barely keep up with bandwidths of a few hundred Mbps. Especially for detecting attracts that are aiming at protocol exposure using stateful intrusion detection technique, it needs to maintain state between different steps of an attack, otherwise it can not detect the attacks accurately, so this method can not be used in high-speed network environment. To resolve this question, this paper puts forward a new approach that supports in-depth, stateful intrusion detection on high-speed links. The approach centerers around a slicing mechanism that divides the overall network traffic into subsets of manageable size. After consulting related research, this paper establishes architecture of high-speed intrusion detection system based on data distribution. At the same time it adopts dynamic load balancing strategy to avoiding too much traffic sent to one sensor, this method increases agility of NIDS. The establishment of the system is an effective blue print. At last this paper present how the key modules are realized. |
PDF Full Text Request