Distributed Intrusion Prevention System And Its Key Technologies

People must be up against the problem of network security when the fast developing ofnetwork's applications and network's services. The complexity, accessibility, and opennessof the Internet have served to increase the security risk of information systems tremendously.All of resource and importance information are coming under threaten of insecurity factors,so that it's necessary to adopt the security techniques.Intrusion detection is a critical component of network security. To arise the broadattention and regard, it develops more rapidly, although which research only begins severalyears. From angle of data source, intrusion detection techniques can be categorized intonetwork based intrusion detection and host based intrusion detection; from angle of detectiontechnique, Intrusion detection techniques can be categorized into misuse detection, andanomaly detection. In the early time, many intrusion detection systems have been built byutilizing misuse detection, but they are unable to detect any future (unknown) intrusions thathave no matched patterns stored in the system. Distributed of attacks and detection ofhigh-speed network which become the bottlenecks of intrusion detection, it's necessary toadopt new ideas and theoretic.In order to solve the new requests of detection, this article researches several issues,such as new model of intrusion detection, anomaly detection, and initiative response ofmechanism.The main work of this article is following:(1) Analysis the current intrusion detection system and techniques, and find out the shortcomings.(2) Present the frame of distributed intrusion prevention system, which adopt distributed of frame and idea of load balance.(3) Present one statistics based detection technique, which adopt support vector machine based intrusion detection algorithm, and discussing how to improve the veracity of detection.(4) Discuss the initiative response of mechanism, and presenting policy based initiative response of mechanism for distributed intrusion prevention system.(5) Design and implement the prevention agent, which can implement misuse detection, and anomaly detection for data of network.Intrusion detection technique is one valid security technique, comparing with othertechnique such as firewall, which has unique trait for security systems. Researching newintrusion detection techniques that will safeguard the applications of network, security ofinformation, and security of national defense etc.