
A Smart Distributed Intrusion Detection System Research And Design

Posted on: 2009-02-15 | Degree: Master | Type: Thesis
Country: China | Candidate: B X Kong | Full Text: PDF
GTID: 2208360248452736 | Subject: Computer software and theory
Abstract/Summary:
Intrusion detection is a proactive security technology that provides real-time protection against internal attacks, external attacks and misuse, intercepting and responding to intrusions before they harm the network system. From the standpoint of in-depth, multi-level network defense, intrusion detection deserves serious attention, as the vigorous growth of the foreign market for intrusion detection products shows. At the national level, as key sectors move more and more critical business onto the Internet, there is an urgent need for intrusion detection products under our own copyright. At present, however, intrusion detection is still at an immature stage of development, or exists mainly as a basic intrusion detection module integrated into a firewall, so research on intrusion detection systems is very important.

Intrusion detection refers to the process of discovering and identifying unauthorized or malicious attacks and intrusions in a specific network environment and responding to them. An intrusion detection system is a tool that applies intrusion detection technology to monitor computer or network resources in real time. On the one hand, it detects intrusions into the system by unauthorized parties; on the other hand, it identifies illegal operations on system resources by authorized parties.

In this paper we propose using a rough set classification algorithm to generate network intrusion detection rules. For the structure of the intrusion detection system we adopt a distributed architecture, with the Condor system as its core.

The paper first introduces in detail the concepts and history of intrusion detection technology, the related technologies in use and development trends. It then focuses on network packet capture and analysis, the cluster job management system Condor, and the theory of rough sets. Finally, building on this theory and these technologies, we design and implement an intelligent distributed intrusion detection system based on rough set theory and the Condor system. The main work, innovations and technical difficulties of this paper are as follows:

1. After reviewing the fundamentals of computer networks and the principles of capturing and analyzing network packets, we use the WinPcap development package to capture and analyze network data.
2. We configure a Network Interface Card (NIC) in statistics mode and implement real-time statistics of network traffic, presented to the network administrator through a friendly graphical interface.
3. After studying distributed system architectures, we adopt a distributed architecture as the main architecture of the intrusion detection system, with the well-known cluster job management system Condor as its core. The distributed system consists of different servers and workstations that play different roles: Center Manager, Job Submitter and Job Runner.
4. In the intrusion detection module, which is the main module of an intrusion detection system, we use rough set theory to generate intrusion detection rules. The main reason for choosing this theory as the rule generation algorithm is that intrusion detection involves a great deal of uncertain data, and rough set theory has many advantages in handling uncertain information.
5. Bringing together the key technologies above, we design and build an intelligent distributed intrusion detection system based on rough set theory and the Condor system. We implement five modules of the system: the data collection module, dispatch engine module, intrusion detection module, storage module and results display module.

Finally, we design a simulation experiment to test and analyze the system, using the well-known KDD CUP 99 test data. The simulation results show that the system is practicable and achieves better results in misjudgment rate and missing rate.

During the period of study, the author published 1 article in "Aeronautical Computing Technique".
Keywords/Search Tags: Intrusion Detection, Network Data Packet, WinPcap, Distributed, Condor, Rough Set Theory, Rosetta