
Design And Implementation Of Distributed Intrusion Detection System Based On Snort

Posted on: 2010-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2178360275490740
Subject: Software engineering
Abstract/Summary:
With the continuous development of computer and network technology, network information security is receiving increasing attention. Traditional intrusion detection technologies have been unable to meet the requirements of distributed intrusion detection; as a result, distributed intrusion detection has gradually become the research focus in the field of intrusion detection. This dissertation first summarizes present research on current network security technologies. Then, based on an analysis of the existing problems in intrusion detection, an understanding of DIDS, and a study of the overall framework and detection analysis patterns of distributed intrusion detection, it proposes solutions for some key technologies, and designs and implements a prototype distributed intrusion detection system based on Snort. The major work of this dissertation is as follows:

(1) Present research on current network security technologies is summarized, the features of different types of DIDS are compared and analyzed, and the design objectives of our distributed intrusion detection system are proposed based on a study of the DIDS specifications.

(2) An improved distributed intrusion detection model is designed. The detection nodes are responsible for both data collection and data analysis, and hand over abnormal behavior events to the central controller. Within a distributed intrusion detection architecture, this reduces the heavy transmission load, low efficiency and poor robustness problems that exist in traditional IDS.

(3) The intrusion detection node modules are designed. First, intrusion detection nodes are divided into different classifier nodes according to their tasks; for example, Snort detection nodes are used to analyze the contents of data packets, and a traffic analysis system is developed to detect DoS attacks. This eases the problem of poor analysis capability when a single detection classifier node has to detect different intrusion activities. Second, the original alarms generated by the different classifier nodes are converted into a unified format, and a secondary analysis then integrates some alarms into the same intrusion alarm based on certain rules, reducing redundant alarms.

(4) A DIDS prototype system is implemented.
Keywords/Search Tags: DIDS, Traffic Analysis, Snort