The Design And Implementation Of Message Exchange Platform Of Intrusion Detection System

Posted on: 2006-06-30
Degree: Master
Type: Thesis
Country: China
Candidate: P F Fang
GTID: 2178360212982750
Subject: Computer software and theory
Abstract/Summary:
An Intrusion Detection System (IDS) is a security device that actively protects network resources and acts as the last line of defense against network attacks. It is a necessary complement to other security products and cannot be replaced by them. However, most current IDS products are incompatible and cannot cooperate well with each other, and a single system usually generates many false positives (false alerts) and false negatives (undetected attacks). If several IDS devices, or different sensors of an IDS, could share intrusion information and make an overall judgement, the accuracy of their detection across the whole intranet would improve.

Based on the characteristics of DIDS and the IDWG's IDMEF/IDXP standards, the dissertation introduces the mechanism of message exchange between IDSs and the implementation of a secure, extensible, and lightweight software platform, CIDSSP (Cooperative Intrusion Detection System Supporting Platform).

The paper designs the data structure model of a common cooperative intrusion detection system and standardizes the data format as well as the secure communication mechanism. This greatly enhances the system's capability to describe security events and also improves its applicability.

By implementing modules for data encryption, entity authentication, and data integrity protection for the intrusion detection system, it achieves end-to-end security in an open network environment, so that reliable data transmission can be carried out.

CIDSSP takes advantage of information sharing between IDSs and supports decision-making for event analysis, real-time response, and attack tracing. In addition, it makes it possible for different security devices to cooperate with each other.
Keywords/Search Tags:Intrusion Detection System, Message Exchange, Data Format, Security Transport