
High-speed Network Intrusion Detection System

Posted on: 2007-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: H Sheng
Full Text: PDF
GTID: 2208360185482525
Subject: Computer application technology
Abstract/Summary:
Traditional network security techniques such as encryption, virtual private networks (VPN), firewalls and authentication are static, and cannot meet the needs of the modern, dynamic network environment. As a newer, dynamic security technique, the network intrusion detection system (NIDS) has therefore become a hot research topic and plays an important role in network security systems. It recognizes and responds to malicious use of computer and network resources: it detects intrusions from outside and, at the same time, monitors unauthorized internal activity.

However, NIDS technology is quite complicated and still very young, and many critical problems arise when it is applied to large-scale, high-speed, distributed networks. If these are not solved, the future of NIDS cannot be imagined. This thesis tries to improve the efficiency of IDS in the following respects.

As networks become faster, there is an emerging need for security analysis techniques that can keep up with the increased network throughput. This thesis applies load-balancing technology to intrusion detection in high-speed networks and proposes a dynamic load balancing algorithm. A load balancer dispatches network packets to different nodes so that no node is overloaded and the intrusion detection system as a whole can work in a high-speed network.

In contrast to standard load balancing, traffic splitters should perform more active operations on the traffic stream, with the goal of reducing the load on the detection sensors, rather than just passively providing generic, flow-preserving load distribution. This thesis presents two such active mechanisms to implement two-level detection. The first is implementing header detection as part of the splitter; the second is decoding each packet according to its application protocol and saving the data in a special data structure for later protocol analysis.

This thesis proposes a dynamic protocol analysis approach based on the application protocol to address the heavy computation and high false-alarm rate of the traditional pattern-matching method.

The main innovation of this thesis is a proposed model of intrusion detection for high-speed network environments, together with a discussion of its essential technologies. The model has good expandability; this dissertation makes it significant to help corporation...
Keywords/Search Tags:IDS, Load balance, Hash, Pattern match, Protocol analysis
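
The flow-preserving distribution and splitter-side header check described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the CRC32 flow hash, the imbalance threshold, the two header rules and all names are assumptions made for illustration, and the thesis's own dynamic load balancing algorithm is not given on this page.

```python
import zlib
from collections import namedtuple

# Constructed packet record; field names are assumptions for this example.
Packet = namedtuple("Packet", "src sport dst dport proto size")

def flow_key(p):
    # Sort the endpoints so both directions of a connection share one key.
    a, b = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (a, b, p.proto)

class Splitter:
    def __init__(self, n_sensors, blocked_ports=(), imbalance=1.5):
        self.load = [0] * n_sensors       # bytes forwarded to each sensor
        self.flows = {}                   # flow key -> pinned sensor index
        self.blocked_ports = set(blocked_ports)
        self.imbalance = imbalance        # assumed overload factor vs. mean

    def header_check(self, p):
        # First detection level: rules decidable from headers alone.
        if (p.src, p.sport) == (p.dst, p.dport):
            return "land"                 # source endpoint equals destination
        if p.dport in self.blocked_ports:
            return "blocked-port"
        return None

    def dispatch(self, p):
        alert = self.header_check(p)
        if alert:
            return ("alert", alert)       # resolved here, no sensor load
        key = flow_key(p)
        sensor = self.flows.get(key)
        if sensor is None:                # new flow: hash, then rebalance
            sensor = zlib.crc32(repr(key).encode()) % len(self.load)
            mean = sum(self.load) / len(self.load)
            if mean > 0 and self.load[sensor] > self.imbalance * mean:
                sensor = min(range(len(self.load)), key=self.load.__getitem__)
            self.flows[key] = sensor      # pin: a flow never changes sensor
        self.load[sensor] += p.size
        return ("sensor", sensor)
```

Only new flows are steered away from an overloaded sensor; established flows stay pinned so that one sensor sees both directions of a connection and can analyze the stream as a whole.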