Focusing on how to improve detection capability, efficiency and self-security, the purpose of this thesis is to design and implement a distributed NIDS with a composite detection method, based on a study and analysis of the system's framework and detection mechanism. First, we introduce the basic architectures of monolithic and distributed NIDS, discuss and analyze their limitations and the issues that need further research, and propose the distributed framework adopted by this thesis. Second, we summarize the two different detection methods, misuse detection and anomaly detection, and put forward a composite intrusion detection method based on an analysis of intrusion behaviors and their characteristics. Third, we describe the traffic capture method adopted by this system, define the rule types and their format, and briefly describe the system's implementation. Finally, we summarize the system's strengths, present the basic conclusions on the improvement of detection capability, efficiency and self-security, and propose the key issues that need to be researched and improved in the future.