
Research Of Assemble Distributed Intrusion Detection System Based On Data-Fusion

Posted on: 2012-08-25
Degree: Master
Type: Thesis
Country: China
Candidate: G C Sun
GTID: 2218330371462513
Subject: Communication and Information System
Abstract/Summary:
With the rapid development of network technology, attack techniques have changed as well, placing new requirements on intrusion detection. As an important component of the computer security system, intrusion detection bears significant responsibility for security. Traditional intrusion detection can no longer keep up with large-scale, complicated, high-speed networks because of its high false-positive rate, complicated configuration, lack of upgradability and limited detection capacity.

This thesis mainly concerns assemble (combined) detection and data fusion technology based on mobile agents, and proposes a reconfigurable distributed intrusion detection system model. The system consists of assemble intrusion detection nodes and an integrated processing center, both based on mobile agents. It realizes distributed intrusion detection whose detection function is reconfigurable, dynamically adaptive and intrusion-tolerant. The thesis is mainly divided into the following aspects:

1. A model of an assemble distributed intrusion detection system is introduced, in which the intrusion detection function can be reconstructed. To address the problems of traditional intrusion detection systems, the thesis provides an intrusion detection system model that uses several kinds of detection techniques. The model can raise intrusion detection accuracy by using data fusion technology and improve dynamic adaptability by using mobile agent technology. Finally, the assemble intrusion detection nodes and the integrated processing center are studied thoroughly.

2. A decision-level data fusion method suitable for intrusion detection is studied. To address the weakness of the D-S evidence theory method when combining conflicting evidence, the thesis introduces a conflict function of the evidence and proposes an improved D-S evidence combination method based on that conflict function. Experimental results show that the improved method overcomes this weakness of the D-S evidence theory combination method and has the advantage of fast convergence compared with other improved methods, which makes it suitable for intrusion detection. The improved D-S evidence combination method is then applied to the assemble distributed intrusion detection system to achieve decision-level data fusion. The experimental results show that using several detection methods together with the data fusion method effectively improves the accuracy of intrusion detection.

3. The thesis presents a preliminary implementation of the assemble distributed intrusion detection system and describes the implementation of the assemble intrusion detection nodes and the integrated processing center in detail. In implementing the assemble intrusion detection nodes, the author presents a method that uses parallel computation to improve pattern matching performance. Experiments show that the system provides reconfigurability, dynamic adaptability and intrusion tolerance, and is especially suitable for intrusion detection in complicated high-speed networks.
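The weakness of classic D-S combination with conflicting evidence, which item 2 refers to, can be reproduced with Dempster's standard rule. The following is an added example, not code from the thesis and not its improved conflict-function method, which the abstract does not specify; the detector names, hypothesis labels and mass values are constructed.

```python
from itertools import product

# Frame of discernment for one event (labels are constructed for this example).
NORMAL, DOS, PROBE = (frozenset({x}) for x in ("normal", "dos", "probe"))
ANY = NORMAL | DOS | PROBE          # "don't know": mass left on the whole frame

def combine(m1, m2):
    """Dempster's rule of combination for two detectors.

    Each mass function maps a frozenset of hypotheses to its belief mass.
    Returns (fused mass function, conflict coefficient K)."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb      # mass assigned to contradictory verdicts
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: Dempster's rule is undefined")
    # Normalisation by (1 - K) is what amplifies tiny agreements when K is large.
    return {h: w / (1.0 - conflict) for h, w in fused.items()}, conflict

def agreeing_case():
    # Constructed outputs: both detectors lean towards a DoS verdict.
    signature = {DOS: 0.7, ANY: 0.3}
    anomaly = {DOS: 0.6, PROBE: 0.1, ANY: 0.3}
    return combine(signature, anomaly)

def conflicting_case():
    # Constructed outputs: near-certain but contradictory verdicts,
    # each detector leaving only 1% on "probe".
    signature = {DOS: 0.99, PROBE: 0.01}
    anomaly = {NORMAL: 0.99, PROBE: 0.01}
    return combine(signature, anomaly)

if __name__ == "__main__":
    for name, case in (("agreeing", agreeing_case), ("conflicting", conflicting_case)):
        fused, k = case()
        verdict = {"/".join(sorted(h)): round(w, 4) for h, w in fused.items()}
        print(f"{name}: K={k:.4f} fused={verdict}")
```

In the conflicting case the fused result puts essentially all belief on "probe", the hypothesis both detectors rated at 1%, which is why a fusion center needs to inspect K before trusting the combined verdict.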
Keywords/Search Tags: Assemble, Intrusion Detection, Mobile Agent, Data Fusion