
Research And Design Of Distributed Intrusion Detection System

Posted on: 2009-09-29
Degree: Master
Type: Thesis
Country: China
Candidate: J Tang
GTID: 2178360242496062
Subject: Systems analysis and integration
Abstract/Summary:
As network environments grow more complex and network attacks occur more frequently, more and more attention is being paid to network security. Traditional network security technology is primarily defensive. For example, the firewall is used as the principal security protection measure. However, the firewall is a passive detection technology and has some limitations. For instance, it is powerless against illegal operations from inside the network. Protection technology based on intrusion detection is therefore receiving more attention. Intrusion detection is one of the core technologies of network security. By analyzing information collected from the network and from computer systems, it can discover whether there is behavior that violates the security policy or signs of an attack. It collects this information from machines placed at key points in the network. Research on distributed intrusion detection systems (DIDS) can further resolve current network security issues. DIDS will take on more important tasks in network analysis and testing, and it is gradually becoming a research hotspot.

First, the current network security situation is introduced. Then the concepts of intrusion detection, its development, its classification, and the Common Intrusion Detection System are discussed. Next, two distributed intrusion detection systems, AAFID and EMERALD, are discussed. This paper proposes a framework that combines a hierarchical framework with a cooperative framework, which solves the bottleneck problem and the single-point-of-failure problem. The most important part is the implementation of the network detection agent, which is discussed in terms of data capture, protocol analysis, and rule matching. The WinPcap algorithm is used, together with an algorithm that is better than Boyer-Moore-Horspool. A rule-based network detection agent, with rules taken from Snort, is built on Windows XP. Graphical output using ACID is also implemented. The database used in the system is MySQL. The interface of the network detection agent is designed with VC++ 6.0, which lets users easily configure the system and maintain its security. Finally, the paper is summarized and future work is proposed.
Keywords/Search Tags:distributed intrusion detection system, data capture, pattern match, Snort, detection agent