Research And Implementation Of Intrusion Detection System On Distributed High-speed Network

Posted on: 2008-11-11, Degree: Master, Type: Thesis
Country: China, Candidate: F Zhang, Full Text: PDF
GTID: 2178360215967327, Subject: Computer software and theory
Abstract/Summary:
Intrusion detection is widely used because it can detect both malicious attacks from external networks and destructive behavior from internal networks. However, because the technology is complex and immature, many problems arise in large-scale, distributed, high-speed network environments. If they are not solved appropriately, these problems will seriously harm the application and development of network security.

At present, intrusion detection for large-scale, high-speed networks has become a research focus, but existing systems suffer from single-node failure and cannot adapt to rapidly increasing network bandwidth. To better solve these problems in large-scale, high-speed networks, this paper proposes solutions in the following respects.

First, it puts forward a distributed intrusion detection framework based on an area hierarchy. The divide-and-conquer idea relieves the network data traffic and lets a large-scale intrusion detection system be deployed flexibly and managed conveniently, while backup hosts address single-node failure. Second, it proposes a dynamic load-balancing strategy based on a hash index. Load balancing is brought into intrusion detection through cluster technology to distribute network packets, so that the whole intrusion detection system can adapt to the traffic pressure of a high-speed network. Last but not least, it presents an improved multi-pattern matching strategy based on protocol analysis. At present, most IDSs (Intrusion Detection Systems) use a simple pattern-matching algorithm. However, this method requires a great deal of computation, consumes resources, and has a relatively high rate of missed attacks.

This article speeds up pattern matching with the improved pattern-matching algorithm AC-I-BMH. It also exploits the facts that network protocols are highly regular and that different application protocols have different intrusion detection rule sets, in order to reduce the amount of computation and the rule search space. The article therefore introduces protocol analysis on top of the improved pattern-matching algorithm, detects network packets that violate the protocol standard, and narrows the search space, which lowers the rate of missed attacks and increases the speed of intrusion detection.

This article studies the distributed high-speed network intrusion detection system in depth, examines the key technical points, and attempts to implement a prototype system. To some extent, this work has practical significance for establishing a network security framework and improving existing network intrusion detection for enterprises and corporations.
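As an added example (not code from the thesis), here is one way a hash-index dispatcher for an IDS sensor cluster can work: flows hash to buckets, an index maps buckets to sensors, and rebalancing repoints buckets. The bucket count, the CRC32 flow hash, the greedy rebalancing rule and all names are assumptions; the abstract does not describe the thesis's actual algorithm.

```python
import zlib
from collections import Counter
N_BUCKETS = 64  # assumed size of the hash index

def flow_bucket(src, sport, dst, dport, proto):
    # Sort the endpoints so both directions of a connection hash alike and
    # reach the same sensor (needed for stream reassembly on that sensor).
    a, b = sorted([(src, sport), (dst, dport)])
    return zlib.crc32(f"{proto}|{a}|{b}".encode()) % N_BUCKETS

class Dispatcher:
    def __init__(self, sensors):
        self.sensors = list(sensors)
        # Hash index: bucket number -> sensor, round-robin to start.
        self.index = [self.sensors[i % len(self.sensors)] for i in range(N_BUCKETS)]
        self.bucket_load = Counter()  # packets per bucket in the current window
    def dispatch(self, pkt):
        b = flow_bucket(*pkt)
        self.bucket_load[b] += 1
        return self.index[b]
    def sensor_load(self):
        load = dict.fromkeys(self.sensors, 0)
        for b, n in self.bucket_load.items():
            load[self.index[b]] += n
        return load
    def rebalance(self):
        # Repoint buckets from the busiest to the idlest sensor while a move
        # still narrows the gap; flows in a moved bucket lose sensor state.
        moved = 0
        while True:
            load = self.sensor_load()
            hot, cold = max(load, key=load.get), min(load, key=load.get)
            gap = load[hot] - load[cold]
            cands = [b for b, n in self.bucket_load.items()
                     if self.index[b] == hot and 0 < n < gap]
            if not cands:
                return moved
            self.index[max(cands, key=self.bucket_load.__getitem__)] = cold
            moved += 1

def demo():
    # Constructed traffic: 40 small flows plus one heavy flow to a web server.
    d = Dispatcher(["sensor-a", "sensor-b", "sensor-c"])
    flows = [("10.0.0.%d" % i, 40000 + i, "192.0.2.10", 80, "tcp") for i in range(40)]
    for f in flows + [flows[0]] * 200:
        d.dispatch(f)
    before = d.sensor_load()
    d.rebalance()
    return before, d.sensor_load()
```

Calling `demo()` returns the per-sensor packet counts before and after rebalancing for the constructed traffic.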
Keywords/Search Tags: Network Intrusion Detection, High-speed Network, Load-balance, Pattern-matching, Protocol Analysis