| With the rapid development of the network technology and the continual opening for internet, it has become increasingly serious to fight against network intrusion. The network security, as a hot issue today, has been attached importance to by people gradually. Though a variety of traditional static security defending system, such as firewall, identification and data encryption are much consummate, they can't completely solve all problems in the field of the network security. So there comes the intrusion detection technology, a type of dynamic network security system. It has been another defending line behind firewall, which can find the intrusion from the trace and orderliness of their actions.Facing the gradually complicated and ample network environment, distributed intrusion detection technology becomes one of main trend of intrusion detection technology at present. This paper has designed the main body of a distributed intrusion detection system, has done detailed analysis and discussion , and has mainly realized the pertinent functions of the control centre of this distributed intrusion detection system, including the design of administration interface, the administrators manage, the probe manage, daily record manage , intrusion response and so on.To the distributed intrusion detection system, analyst always has no way of doing it generally facing such enormous warning information. At present, IDS always only pay attention to the vulgar attack and produce self warning information, so it often can't catch the logical step and tactics back in the intrusion. This paper has designed a model of information fusion for this condition. The model can the filter the repeating warning information and merge the pertinent warning information. By the experiment, this technology is turn to be able to cut down the warning information and the information redundancy effectively, so the system manager can make it more easily.Besides, with the development of the intrusion detection technology, more and more IDS begins to adopt active way to fight against assaulting, for instance, abandoning the doubtful data grouping, putting the assaulting node apart, the allocation network environment again and so on. Based on some existed active response technology, combining with the cost analysis and the choice of response tactics, this paper has designed one intrusion response tactics model, which provides a tactics way based on quantization standard and operation for intrusion response. |
PDF Full Text Request