
Research On Distributed Intrusion Detection Architecture Based On Snort

Posted on: 2008-09-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y G Jia
GTID: 2178360212485009
Subject: Computer application technology

Abstract/Summary:
As dynamic security equipment, an intrusion detection system (IDS) can safeguard information security automatically and in real time. It supplements static security equipment such as firewalls, and has therefore received more and more attention. With the popularization and application of networks, the distributed intrusion detection system (DIDS) has become the mainstream of technology development and a leading research field.

Research on intrusion detection technology has two sides. One is how to improve detection capability to keep up with increasingly complicated attack methods. The other is to apply agent technology to the structural design of the IDS, so that it suits large-scale networks, high-speed networks and distributed heterogeneous network environments.

This paper combines multisensor information fusion technology with the distributed intrusion detection system and, using the free software Snort, sets up a model framework for a DIDS based on Snort. The aim is to process uniformly all kinds of data and information from multiple heterogeneous distributed sensors so as to evaluate the security situation of the whole network environment. This addresses several shortcomings: the Snort IDS is limited to safeguarding a single host system or network system, its monitoring of heterogeneous systems and large-scale heterogeneous network environments is insufficient, and it does not meet the needs of dispersed events in large networks and of network components distributed in space.

By applying multisensor information fusion to the distributed intrusion detection system, the model framework presented in this paper forms a tree-shaped hierarchy that has no center but is layered, so as to realize information fusion, information reduction and information abstraction layer upon layer. It has such characteristics as scalability, robustness and extensibility, so it is suited to Internet security response in large-scale heterogeneous network environments and satisfies the security requirements of monitoring or evaluation.
Keywords/Search Tags:Snort, information fusion, distributed system, intrusion detection, agent, multi-agent system, data correlation, track