| The present network environment requires IDS to collect detect signs from subnet,and then work out the invasion situation.However,the present IDS has fatal limitation,like single point of failure,when it is applied to large-scale network.P2 P technology can essentially solve this problem.Thus,the paper will introduce P2 P into large-scale intrusion detection.Nowadays,network security has been the major concern of the world.As new attack technologies emerge endlessly,passive defenses like a single firewall can not ensure the safety of the network.As an active method,IDS can be applied to the network.IDS can find the intrusion behavior and then take different treatment measures before the network is damaged.RBF,as a data fusion method,has become a research hotspot because of its universal approximation and fast convergence.It can significantly reduce the false alarm rate and missing report rate if RBF is introduced into IDS.The article will start the research from two aspects: large-scale DIDS and intrusion detection method.Firstly,we will use research achievements in SP2 P to build the network model for large-scale DIDS.Divide the network according to geographic locations,and select the super node to localize the information processes.We use JXTA,a network protocol for P2 P,to realize data communication among IDS.We use JXTA services like peer group creation,peer join or out of the group to realize the IDS join or out of the area.Then combine RBF with snort.We use RBF to find unknown invasion and then build new detect rules for snort.The article uses K-Means to find the initial cluster center.As K-Means is sensitive with initial clustering centers and noise data and outliers can seriously impact its result,the paper introduces a K-Means algorithm based on subtractive clustering.The experiment shows that the improved method has good intrusion capability. |
PDF Full Text Request