| With the rapid development of Internet and network technologies, intrusion detection system (IDS) has become a necessary guard line in information security architecture. Unlike firewall or other security components and products, IDS is expected to be more intelligent. Generally, IDS in current use can rarely meet actual requirements in performance, accuracy and distributed characteristics. On the other hand, different network environments require various reliability and architectures. Especially in a high speed and large-scale network environment, due to the limitation of detection data storage and processing ability, most IDS in use suffer a high packet-loss ratio, which will significantly decrease detection rate.In this paper, we present a distributed network intrusion detection system, which is composed by a central control and several intelligent agents, deployed in each network segment. In campus network environment with large scale and high speed, each agent processes its local packets to ensure detection ratio, using an improved outlier mining method on clustering to detect kinds of attacks and intrusions. This method is effective for both traditional intrusion and distributed attacks, such as DDoS. The central control is responsible for total decisions, monitoring the security situation on the whole with abnormal events and alarm information fusion, in order to reduce false alarm rate and improve detection rate.Experimental results prove that both traditional attacks like SYN flooding, and distributed attacks such as DDoS, can be detected effectively with visible accuracy rate and reliability. |
PDF Full Text Request