
Distributed Intrusion Detection System Node Linkage Algorithm Research

Posted on: 2009-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: B Q Cai
Full Text: PDF
GTID: 2208360245479408
Subject: Computer application technology

Abstract/Summary:
With the development of network technology, network security has received more and more attention. Intrusion detection is a technology that provides active security protection; it plays a very important part in protecting systems from attacks and is a necessary part of a security system.

This paper focuses on the architecture of distributed intrusion detection systems and on the cooperation among different nodes. By analysing the Snort-2.7.0.1 source code, we study its initialization, the classification of rules, the compilation of the Multi-Pattern Search Engine, the detection process and the output.

This paper implements a distributed intrusion detection system based on Snort-2.7.0.1, without a central node. If a system detects an intrusion or gets a new rule from another trusted system, it sends the new rule, or the rule that detected the intrusion, to the other systems that trust it. When the other systems receive the rule, they check whether it already exists. If the rule does not exist, they add it to the running system without restarting it. If it already exists, they do nothing.

Finally, several attack tools were used in several experiments to test the system's performance. The results show that it runs well: if a system detects an intrusion, it sends the encrypted rule that can detect this attack to other systems, and the other systems receive this rule and add it quickly, so that they can detect this kind of attack as well.
Keywords/Search Tags:Intrusion Detection, Distributed System, Cooperation, Snort
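
The rule-sharing logic described in the abstract, as an added Python sketch that is not code from the thesis or from Snort. The `Node` class, the whitespace-normalised SHA-256 duplicate key and the sample rule are assumptions; a dictionary stands in for Snort's live rule set, and the encryption of rules in transit is left out.

```python
import hashlib
import re

def rule_key(rule):
    """Dedup key: SHA-256 of the rule with whitespace collapsed (assumed scheme)."""
    return hashlib.sha256(re.sub(r"\s+", " ", rule.strip()).encode()).hexdigest()

class Node:
    def __init__(self, name):
        self.name = name
        self.rules = {}        # key -> rule text; stands in for the live rule set
        self.trusts = set()    # names of nodes this node accepts rules from
        self.trusted_by = []   # nodes that accept rules from this node
        self.received = 0      # messages seen, to show the relay terminates

    def trust(self, other):
        """Record that self accepts rules sent by other."""
        self.trusts.add(other.name)
        other.trusted_by.append(self)

    def load(self, rule):
        """Add the rule to the running set; False if it was already there."""
        key = rule_key(rule)
        if key in self.rules:
            return False
        self.rules[key] = rule
        return True

    def on_detect(self, rule):
        """A local rule fired: make sure it is loaded, then share it."""
        self.load(rule)
        self._forward(rule)

    def receive(self, sender, rule):
        self.received += 1
        if sender.name not in self.trusts:
            return               # sender is not trusted: drop the rule
        # A known rule is ignored, which is also what stops the relay in a cycle.
        if self.load(rule):
            self._forward(rule)  # new rule: active now, pass it on

    def _forward(self, rule):
        for peer in self.trusted_by:
            peer.receive(self, rule)

# Constructed sample rule in Snort syntax (not taken from the thesis).
RULE = 'alert tcp any any -> $HOME_NET 80 (msg:"constructed example"; content:"/probe"; sid:1000001; rev:1;)'

def simulate():
    a, b, c, d = (Node(n) for n in "ABCD")
    b.trust(a); c.trust(a); c.trust(b); a.trust(c)   # trust cycle A -> B -> C -> A
    a.on_detect(RULE)
    return a, b, c, d
```

Because a node forwards only rules it did not already hold, the relay ends after each node has seen the rule at most once per trusted sender, even though the trust relationships form a cycle.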