混合型分布式入侵检测系统模型

Hybrid distributed detection system module

在分析入侵检测研究现状的基础上,对分布式入侵检测系统广泛采用的基于组件和基于代理的两种分布式入侵检测模型进行了深入的研究。结合两种模型设计了一种基于网络入侵检测系统和基于主机入侵检测系统的混合型分布式入侵检测系统,并对系统各部分的功能、工作流程、消息格式、通信方法展开了讨论。最后给出了系统的部署方案以及实验过程。实验结果表明:该系统可以准确地检测出以上多种类型的攻击行为,并及时地采取相应措施,阻断攻击者的网络连接。

The research status on intrusion detection was studied and the analysis was conducted for the component based and agent based distribution intrusion modules in distribution intrusion detection systems. Combined these two modules, a hybrid distributed intrusion detection system(HIDS) on the basis of network based intrusion system(NIDS) and mainframe intrusion detection system(MIDS) was designed. Functions in the different parts of the system, working procedure, message format, and communication method were discussed. Then the system deployment scheme and experiment process were given. The experimental results show that the system can accurately detect various intrusion actions and quickly take countermeasures to block intrusive connections.