
Research and Design of a Distributed and Active Intrusion Detection System

Posted on: 2008-03-25
Degree: Master
Type: Thesis
Country: China
Candidate: L Yang
GTID: 2178360242972318
Subject: Communication and Information System
Abstract/Summary:
As hacker intrusions grow more rampant by the day, it has become clear that building a security system from the defensive angle alone is insufficient. Intrusion detection is a new generation of security technology that follows traditional security measures such as firewalls and data encryption. It identifies and responds to malicious use of computer and network resources: it detects intrusions from outside and also monitors unauthorized activity by internal users.

The distributed active intrusion detection system (ODIDS) can meet the requirements placed on intrusion detection in a distributed environment. It has the following characteristics:

Component-based design gives the system good extensibility. Each functional component exists independently and the components communicate over standard network connections, so as many or as few components can be deployed as the actual network requires. The system can be deployed flexibly in networks as large as a WAN or as small as an office network.

A two-level analysis structure satisfies the requirements for both real-time and accurate detection. The first level, located in the host agents and network engines, emphasizes real-time detection. The second level, located in the analysis component, analyzes the data in depth for latent threats. This structure, similar in idea to a buffer, ensures both the timeliness and the accuracy of detection. The tiered analysis structure also allows several analysis methods to coexist in the system, so that the strengths of each detection method are fully used.

The thesis covers the following work:
(1) Describes in detail how the active intrusion detection system is deployed, as well as the system structure.
(2) Implements the network engine design, including a packet capture module built on WinPcap and a protocol analysis module built on protocol analysis technology.
(3) Partially implements the console module, including the intrusion detection module and a response module built on linkage technology.
(4) Discusses in depth the measures for protecting the system itself.
Keywords/Search Tags: Intrusion Detection, Distributed, Pattern Matching, Protocol Analysis, Linkage, Active Response