Study On Distributed Instruswn Detection System Based On Military Network

In recent wars, information is an important strategic resource and is the criticalfactor that determines the results of the war, thus, it is crucial to ensure the security ofthe computer information system and network. To adapt to the need of information war,some countries, such as USA, devote major efforts to developing digital weapon, andsuccessively organize network forces which have the good ability of offensive anddefense. Facing with the serious threaten of network security, we must speed up theresearch and development of intrusion detection system with self-innovation. Just tosatisfy the requirement of network environment and security of simulation militarynetwork, the paper devises and implements a distributed intrusion detection system.The strong and weak points of existing intrusion detection system and therequirement of military network intrusion detection system are firstly analysed in thepaper. Secondly, the paper designs the system model of the distributed intrusiondetection based on military network, which is a layer-built and distributed intrusiondetection system model. It has the characteristic of distributed analysis and simplecontrol. Thirdly, the paper puts forward the detection technology compromising patternmatch and protocol analysis, and improves pattern match algorithm.This paper designsthe communication mode based on subscription, which provides subscriber registeredand releases news for subscriber obtaining by event management service module. Thepaper studies and analyses the alarm aggregation method of classification-basedattribute similarity, which divides alarm into four categories and calculates respectivelyattribute similarity value, and then categorizes alarm by judgment algorithm. Finally,the paper accomplishes the implement of main function module.Introducing the communication and cooperation mechanism of detectioncomponents and integration of multi-analyzing technology, the system has betterperformance of interactive, can detect general intrusion, distributed attack and fix theposition of intrusion, at the same time, it improves the detection ratio and detectionefficiency and enhances military network operation security and stability.