
Research And Implementation Of A Distributed-Based Network Intrusion Detection System

Posted on: 2015-07-23
Degree: Master
Type: Thesis
Country: China
Candidate: J K Wang
Full Text: PDF
GTID: 2298330467962307
Subject: Computer Science and Technology
Abstract/Summary:
With the continuous development of Internet technologies and their wide use in various fields, network security issues have become especially prominent and important. Traditional network defenses, which rely on passive measures such as firewalls and access control, already struggle to cope with increasingly complex network intrusions. Intrusion detection, as an active-defense network security technology, rapidly identifies intrusions and raises a warning response, and is suitable for different network environments. However, an unknown intrusion is difficult to detect before it has been recognized, which causes the defense to fail and brings risks to network security.

This thesis combines a distributed architecture with data mining techniques to enhance the accuracy, validity, processing power and forecasting capability of intrusion detection. First, I introduce the common models, technique classification and architectures of intrusion detection, and compare their advantages and disadvantages. The thesis also describes the principles and working process of data preprocessing, classification and clustering analysis in data mining, and their application in intrusion detection.

In view of the problems and shortcomings of existing intrusion detection systems, I design a network intrusion detection system based on a distributed architecture, and give a detailed design and implementation of its functional modules. The system consists of a master node server and several detection agent nodes. The detection agent nodes, based on local rules, are responsible for inspecting the data flows within their respective domains; unknown acts they detect are referred to the master node server to make predictions. A format for exchanging messages between nodes is also defined.

Then, building on the distributed system architecture and outlier mining theory, I design a Distributed Full-supervision Membership-degree Classification Algorithm (DFMCA), so that the IDS can rapidly predict unknown acts without affecting the normal operation of the detector, and is expected to achieve higher accuracy than existing classification algorithms.

Finally, through test experiments on the various modules of the system, I confirm that the system has strong processing power, predictive capability, flexibility and scalability, and effectively reduces false negatives and false positives. An analysis of the results and the future prospects of this topic are then presented.
Keywords/Search Tags: distributed architecture, intrusion detection system, data mining, rules generation, type prediction