
Research And Implementation Of Intrusion Detection Exchange Protocol In Distributed IDS

Posted on: 2013-03-30 | Degree: Master | Type: Thesis
Country: China | Candidate: H P Wei
GTID: 2248330371995672 | Subject: Computer software and theory
Abstract/Summary:
With the development of technology and the expansion of network scale, a variety of complex, covert attack techniques continue to emerge, leaving existing intrusion detection systems (IDS) inadequate. A distributed, collaborative approach is a feasible way to deal with massive volumes of network data and complicated intrusions. To address the collaboration problems of current IDS, this thesis takes standardization, the direction of next-generation IDS, as its main subject. It designs and implements a feasible next-generation IDS solution, covering the following aspects:

1) IDXP (Intrusion Detection Exchange Protocol) is analyzed in depth and in detail. IDXP is an important reference for IDS standardization and uses BEEP (Blocks Extensible Exchange Protocol) as its underlying framework. BEEP lets the IDS focus on its specific communication model and data exchange format, rather than on the low-level implementation of the protocol and the security of the communication.

2) To reduce the high cost of communication between agents in a distributed IDS, the thesis proposes a new collaborative model whose core idea is that the level of collaboration between agents should be proportional to their correlation. By quantifying the correlation between agents, the distributed system is divided into multiple highly related sub-systems. The new model can effectively reduce communication overhead while ensuring detection accuracy.

3) Finally, a distributed IDS prototype is implemented based on the IDXP protocol and the open-source Snort network IDS. Validation and testing results show that the distributed IDS can detect complex attacks in a timely manner, and that the proposed model effectively reduces the packet loss rate of the distributed IDS.
Keywords/Search Tags:Network Security, Intrusion Detection, Distributed Collaboration, Relevance of Collaboration, BEEP, IDXP