基于分布式网络入侵检测系统的研究及其实现

Study & realization of the distributed network based intrusion detection system

在分析现有网络入侵检测系统局限性的基础上,提出一个基于模式匹配误用检测技术的分布式网络入侵检测系统模型。该模型可用于应用层协议分析,提高了检测精度;采用协议流分析技术,减少了检测时间与误报率;采用中断会话和防火墙联动,可实现主动响应;在主体智能协作与负载平衡上考虑了其分布式的特性;在Linux环境下构建基于实时智能协作引擎的原型系统,验证该模型的特性。

After analyzing limitations of existing network-based intrusion detection system, the paper raised a distributed network-based intrusion detection system model, which is based on feature ranking misusing detection technology and can adapt well to existing network status. This model extends to application layer protocol analysis, so that, the precision of detection is improved; Protocol flow analyzer is adapted to shorten the detection interval and misinformation ratiot Session-halt and fire-wall are introduced to implement active-response. In order to validate features of the model, RICE-based raw system is built in Linux environment.