The Key Technology Research Of Distributed Intrusion Detection System

In recent years, the development and popularization of Internet provides convenience for our work and life, but at the same time, the safety and reliability of Internet become the focus of our attention. With the attacker's knowledge becomes mature and the increasingly attacking tool technique are diverse and complex, the pure firewall has failed to meet the company security's needs. As a kind of positive safe protection system, Intrusion Detection System, which can provide a real-time protection for internal and external attacks or the incorrect operation, and response the invasion before the attack, and inform administrators to take measures, improve the security greatly, has got the extensive research and application.Based on the detailed expound the basic concept of intrusion detection system, the classification and method of measurement technique, and the comparison of all kinds of detection method, the limitations of current intrusion detection technology and development trend of intrusion detection are proposed. As an important research direction of intrusion detection system, the distributed intrusion detection system has got the fast development because of its advanced idea and the safe and effective detection's technology.In the study of the distributed intrusion detection system, through the analysis and discussion of the distributed intrusion detection system, the system framework, the system characteristics, and the typical model of distributed intrusion detection system, we in-depth analysis and research the key technology of intrusion detection system in-depth: technology of the distributed detection engine of network. On the basis of that knowledge the system is improved. And the design idea is that a special research is made to the distributed detection engine of network. In the part of pretreatment technology, restructuring technology based on the pretreatment technology is adjusted, which can reduce the rate of fail, and improve the stability; Meanwhile using the effective rules matching algorithms in the detection of engine, the BMZO intrusion detection algorithm based on the basis of Boye Moore algorithm ,which is proposed to realize the key parts ,is putted forward: the rule of matches. It can improve the detection speed of the engine. The experiment texts that the improvement technology can greatly improve the efficiency and stability of the system, it can meet the requirements of the design.