Research On Distributed Network Defense-in-depth System Model Based On Snort

Posted on: 2008-04-11
Degree: Master
Type: Thesis
Country: China
Candidate: X F Liu
GTID: 2178360215493976
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development and extensive application of computer technology and the Internet, network security problems have become more and more prominent. Neither static traditional network security technologies (such as anti-virus and firewalls) nor dynamic network security technologies (such as intrusion detection systems and intrusion prevention systems), if used alone, can easily deal with increasingly sophisticated and complex network intrusions. Thus, network defense-in-depth is imperative.

Network defense-in-depth, from the technical point of view, is to achieve early warning, protection, detection, response and recovery on mainframes, networks and the network boundary. Among them, detection and response are the key points. The open-source software Snort is a high-performance, cross-platform, lightweight intrusion detection system, and with the addition of the inline module it is conveniently turned into an intrusion prevention system. So, Snort has real-time intrusion detection and response capabilities and can play a great role in network defense-in-depth. Therefore, it is very necessary to build a network defense-in-depth system.

On the basis of the above reasons, using network defense-in-depth as the security strategy, the open-source software Snort as the foundation, and a distributed architecture, combined with multi-sensor data fusion technology, we establish a distributed network defense-in-depth system. The system is capable of fusing data from heterogeneous distributed sensors in large-scale networks, so it can better understand the whole network space and can successfully detect and prevent coordinated network attacks. Besides overcoming Snort's limitation to a single host or network architecture and its shortcomings in monitoring large heterogeneous networks, the system can resolve the problem that the response of currently prevalent distributed IDSs to network intrusions is not timely.

In addition, owing to its hierarchical distributed structure and its integration of the advantages of a variety of network security technologies, the system has good attack resistance, scalability and flexibility, and achieves distributed intrusion detection/prevention with centralized management and control. The system strikes a good balance among defensive intensity, network performance and security cost, and has great value for theoretical study.

Keywords/Search Tags:Snort, IDS, IPS, network security, defense-in-depth