The Research And Development Of A Network Intrusion Detection System

Posted on: 2009-10-23
Degree: Master
Type: Thesis
Country: China
Candidate: P Chen
GTID: 2178360272971715
Subject: Applied Mathematics

Abstract/Summary:
With the development and widespread use of networks, intrusion incidents have become more and more frequent. They cause serious harm, so network security has become an increasingly prominent concern. Because the traditional network defense system, built on firewalls, identity authentication and encryption, has limitations and deficiencies, intrusion detection has become a research focus and an important direction in network security. Intrusion detection replaces the earlier passive defense: it can actively track a variety of intrusion actions and respond promptly. In resisting attacks from the internal network in particular, intrusion detection has distinctive strengths and forms another line of defense behind the firewall. According to surveys, as networks become more widespread, intrusion detection has broader development prospects and value. The actual situation, however, is that intrusion detection is not yet deeply understood and is not as mature as the firewall, which makes its study all the more meaningful. In recent years, network construction has progressed greatly. As networks grow, they must deal with threats from both inside and outside. The former security policy based on the firewall can no longer meet the network's requirements. Intrusion detection and early warning has become a new focus in network security and its development.

Starting from the current state of network security, this paper analyses the concept of intrusion detection, the history of its development and the intrusion detection model. Intrusion detection systems can be divided into several kinds. According to the source of the detection data, they can be divided into host intrusion detection systems and network intrusion detection systems; according to the detection method, into anomaly intrusion detection systems and misuse intrusion detection systems; according to the architecture adopted, into centralized intrusion detection systems and distributed intrusion detection systems. The paper also discusses the merits and flaws of the different kinds of detection system.

In the system analysis and design that follows, the paper puts forward a model of a hierarchical hybrid distributed intrusion detection system. The model divides the protected network into several security management areas and is composed of detection agents, surveillance agents and policy administration agents. The division of work among the parts follows the CIDF model, and the functions of the internal modules of each agent are fleshed out. The model embodies distributed intrusion detection in three respects: the distribution of data sources, the distribution of analysis and detection, and the cooperation of multi-area detection.

For the implementation of the system, the paper describes how the network detection agent and the surveillance agent were implemented on Windows 2000, and also describes the design and implementation of the data fusion algorithm. To test the running efficiency of the network detection agent, packet loss rate and CPU load tests were carried out in a network. The results indicate that under normal network traffic the system reaches an effective running state. We measure the attack duration of several scanning tools and, from those results and the number of intrusions detected, evaluate detection efficiency. The results indicate that the network detection agent can detect more than 95% of scanning activity within a short time and take the corresponding measures promptly. The paper then uses land, Smurf V1.2, udp flooder 2.0, syn flooder v1.0, black storm ddos attack 2.1 testing edition and Kn-ping distributed denial-of-service tools for attack testing. The results indicate that the system can observe a distributed attack within a short time and send out a warning signal.

As an important research field in network security, distributed intrusion detection and warning systems still have many open problems and technical difficulties. The paper closes by giving future research directions in this field.
Keywords/Search Tags: network security, intrusion detection, distributed intrusion detection, data fusion algorithm, pattern matching