Research And Implementation Of A CORBA-based Distributed Intrusion Detection System

Posted on: 2009-09-01
Degree: Master
Type: Thesis
Country: China
Candidate: X L Ma
GTID: 2178360245470558
Subject: Computer application technology

Abstract/Summary:
As network environments grow more complex, network attacks occur frequently and the importance of network security on the Internet keeps growing. For the Intrusion Detection System (IDS), an active defensive measure for network security, new methods and technologies are constantly proposed and applied. Based on an analysis of the CIDF framework and the traditional DIDS framework, this thesis builds a CORBA-based Lightweight-Agent Distributed Intrusion Detection System model (CL-DIDS). The model can detect host-based and network-based intrusions, and can also rapidly detect large-scale distributed intrusions. CL-DIDS uses CORBA middleware as the system integration bus, taking advantage of CORBA's transparency with respect to operating systems, network protocols, programming languages and so on, which allowed us to focus on realizing the system's goals. On the host side, CL-DIDS uses system commands to collect, for a command, the time spent, the call sequence and the memory size. On the network side, it uses the packet capture library Libpcap, which provides operating-system-independent access for capturing data packets on the network, and performs protocol decoding that separates out all fields of each TCP/IP protocol layer, reducing the difficulty of developing detection agents on different platforms. CL-DIDS implements a dynamic-coefficient, queue-based detection method for host call sequences, and a detection method for network packets that combines protocol analysis with pattern matching. The rule description format of NFR IDS was also studied, in order to improve matching speed, reduce false positives and missed detections, and improve the real-time performance and accuracy of detection. CL-DIDS proposes the new concept of sensitive agents and uses dynamic loading technology to add or remove sensitive agents in order to detect distributed intrusions such as DDoS.

At the same time, the Centre Analyzer gathers the suspicious data reported by the agents, analyzes the various data sources comprehensively and makes a further judgement on distributed attacks, which raises the system's capacity for analysis and decision-making on complex attacks and improves its robustness. The CL-DIDS architecture model is platform-independent, adaptable and scalable, supports multi-level data analysis and dynamic defense, and has good prospects for today's complex networks.
Keywords/Search Tags:Network Security, Distributed Intrusion Detection, CORBA, Lightweight-Agent