Research And Design On Distributed Intrusion Detection System

Research on distributed intrusion detection system (DIDS) can further resolve the current network security issues and provide a favorable support for building a high-quality, high-stability, high-reliability safe network. With the increase in network scale and net-environment complexity, DIDS will take on more important tasks in network analysis and testing, and gradually become the research hotspot.DIDS is obviously superior to the general network intrusion detection system in data collection, data detection and system flexibility. To overcome the shortcomings existing in the distributed detection of current DIDS, the paper proposes a new method for information sharing and interacting among independent modules in distributed intrusion detecting environment, meanwhile takes the direction of data flow into consideration to enforce data detection, especially the detection against distributed network attack. The paper focuses on main issues exsiting in distributed intrusion detection, aiming at improving communication security, realizing data-sharing among sub-systems and localization accuracy among independent modules through research. The main content is listed as follows:①The overall design for DIDS was presented, with each function module and its structure discussed, and the system data flow analyzed.②Distributed detection sensors and rules for distributed detection were studied. The structure optimization strategy for distributed detection rules were proposed to enhance the rules-matching speed.③Analyzer for distributed detection was studied. Through the analysis of network data flow, a detection mechanism combining depth and scale was proposed, to achieve data exchange and sharing among each detected entity.④Communication module among independent detected units is designed and implemented. Security factors such as data encryption and authentication were introduced into DIDS to improve the security and accuracy of data exchange, message transmitted among modules was defined, module localization based on directory was studied .To sum up, this paper completed the research on the distributed intrusion detection technology according to the characteristics of the distributed network environment. After the performance testing, it could fulfill distributed network detection tasks and is beneficial to promote the detection efficiency of the system.