The Research Of Anti-attack Issues Based On Distributed Intrusion Detection

Intrusion detection system(IDS) has already become the one of most important means for preventing information system from being attacked illegally in Internet. At present, IDS develops quickly, but because a lot of general IDS adopt unitary structure, and have many shortcomings such as bad distribution, single-point invalidation, bad robustness in system structure and detection technology. This paper tries to solve these problems by proposing a new intrusion detection model.In the paper the author makes the following contribution:Analyzing the development general situation of IDS, researching forceable intrusion detection system put forwarded by experts at home and abroad. Summarize system's merit , indicating its'short, and based on those, presenting the techniques route of the intrusion detection system research;Taking apart the working principle of intrusion detection system and some related protocol, researching some common intrusion detection methods and those models;Depicting the feature that the Anti-attack Multi-agent Intrusion Detection Model should belong, put forward a new research method to achieve the model. Establish the whole system framework model of the Anti-attack Multi-agent Intrusion Detection Model.This model combines distribution technology and agent technology, modularize Intrusion detection system by function, make all the system parts prepared logically. Use two grades analyse mechanism. The part detection agent distributes in network and hosts to detect all captured information firstly, and then the entirely detection agent detect doubtful information sended by the part detection agent. It can prevent fail to report sth, misinformation and distributed attack, improve intrusion detection's efficiency and correctness;Researching anti-attack technology put forwarded by model detailed. When the main components of the system suffered attack, the model can adjust itself quickly, and do not affect intrusion detection processing normally. Put up related tests, validating the system performance.