| As a result of rapid development of Internet and people's dependence on network, security issues become more and more severe. The firewall has been the main security measures of the traditional network security protection technology. But as network attacks present themselves with more diversity, traditional firewalls are beginning to suffer from failure to defend against them, thus lead to the emergence of the intrusion detection technology. As one of the important mechanisms guarantee the network security, intrusion detection system is unavoidably faced with challenge of high-speed network. Now the computer capability of current processer can not deal with the high-speed network flow, which effects the performance of intrusion detection system seriously.For the referred reasons, the paper firstly introduces the related concepts of intrusion detection system, including architecture, classification and alert aggregation technology. Then it discusses the defects and development of current intrusion detection system.On the basic of the above research, the paper analyse the major problems of intrusion detection system in high-speed network from load balancing, pattern matching and alert aggregation. Combination of the above analysis it puts forward flow-based load balancing algorithm, alert aggregation algorithm based on MapReduce and bidirection-BMH algorithm. Then a intrusinon detection system for high-speed network is designed and implemented.Finally, experiments are made to verify the proposed algorithm and system. The results of experments on the algorithms seperately and as a whole show the system can be competent for the intrusion detection in high-speed network efficiently. In the end, the paper summarizes the total work and gives the prospect of the future work. |
PDF Full Text Request