The Improved Design And Implementation Of Communication Component For Network Intrusion Detection

With the development of network technology and integration of network intrusion technology,together with the tendency of the cover-up of intrusion means,the indirection of intrusion object,and the expansion of intrusion scale being more and more serious,network intrusion detection system is applied widely.The goal of network intrusion detection system is to detect marvelous intrusion behaviors of different nodes in the network by monitoring network and the hosts connected with it and synthetically using detection technology based on both host and network.The key technologies are coordinatedhandling of detection information abstraction of intrusion global information.In network intrusion detection system, alarm generated by the detector was transmitted to the center console for analysis, and communication components are intermediate links the role as pivotal. However, with the development of network technology, the increase in network intrusions, the alarm dealed with by the center controller is increasing dramatically. At the same time in order to improve the network intrusion detection system of its own security, a number of use of the inefficient security protocol will not only increase the cost of the system, but also delayed the intrusion detection system to respond to acts of invasion. To solve these problems, a new communication component for IDS is proposed.First, development status of communication component for IDS at home and abroad is analyzed. On this basis, communication components are divided into communication interface module, encoding/decoding modules, load-balancing module and transmission module.Second, each module is analyzed and detailed design. In the design, considering the question that correlated alert is distributed among the different processing node during load-balancing, a methodology of the load balancing based on alert correlated probability is proposed. The results of the experiment showed that alert load balancing metric, alert average processing capacity and alert correlation average disruption is improved in using this method. At the same time, considering the question that security protocol of communication components is inefficient, a new security protocol of communication components is proposed, its security proved in theory, and its relative efficiency is proved by experiments. Finally, key techniques, data structure, the main function and the algorithm are analyzed and described in this paper.