| The general research situation of distributed intrusion detection is surveyed briefly. It is well known that the characteristics of the transport layer packets are often used to detect intrusion by the traditional methods of intrusion detection. It results in false-alarm and low detection efficiency.A new system of distributed intrusion detection is proposed and designed in term of the research results published in this area, which is based on the multi-core processors TileraPro64. Several design problems of this system is also discussed in this paper, which mainly include: the choice of intrusion detection matching algorithm, the improvement and implementation of protocol analysis in different layers, and the design of packet capture and load balance algorithms. The parallel application program of this system is designed by author, which include: the data acquisition module, the data distributed module, the intrusion detection module, the feature matching module and so on.Finally, this system is tested and verified by applying the test program TcpReplay on the Tilera development platform. In fact, this system can detect the external intrusion attack and internal unauthorized behavior, and provide real-time alarm and automatic response function. The experiment results show that the system given in this paper can effectively detect network intrusions in high speed network environment, and can overcome some technical flaws of traditional methods. |
PDF Full Text Request