Design And Implementation Of Distributed NIDS Based On Attack Response

Posted on: 2009-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Zhou
GTID: 2178360272477203
Subject: Computer application technology
Abstract/Summary:
With the rapid development of network technology, the scale and speed of networks have increased considerably, and the accompanying security situation is becoming increasingly grim. Intrusion Detection (ID), as a proactive security defense technology, is attracting more and more attention. It provides more comprehensive real-time protection against internal attacks, external attacks and misuse, and it can respond appropriately while the network is under attack. However, commonly used intrusion detection technology still has many problems: how to adapt to large-scale, high-speed networks, how to reduce false alarms and missed alarms, and how to respond reasonably to network attacks automatically. These are issues that intrusion detection technology must study and solve now and in the coming period.

This paper starts with the main network security technologies. It first introduces the concept, structure and function of the Intrusion Detection System (IDS), compares the advantages and disadvantages of different types of Intrusion Detection System, and reviews the history of their development. It then analyzes and compares the advantages and disadvantages of various Distributed Intrusion Detection Systems (DIDS), introduces the concept of load balancing on this basis, and proposes two load-balancing schemes for Intrusion Detection Systems, one centralized and one distributed. Finally, it designs and implements the Intrusion Detection System Based on Attack Response, which uses a distributed architecture with three levels: the Analysis and Control Center, the Network Detection and the Host Detection Engine.

The Domain Agent in the Network Detection level is responsible for load balancing across the Network Detection Engines; the Centre Control Module of the Analysis and Control Center makes the response decisions; and the Attack Response Module of the Host Detection Engine carries out the specific response measures and provides tools for detecting and protecting host resources, namely file and Registry protection and file integrity detection. The system improves the ability to adapt to complex networks and to process network attacks in real time, and it protects host resources more than other Intrusion Detection Systems do.
Keywords/Search Tags: Distributed Intrusion Detection System, Load Balancing, Least-Load Dynamic Scheduling Algorithm, Domain Agent, Attack Response