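Abstract
As network speeds keep rising and network scale expands rapidly, new requirements are placed on the models, architectures and implementation techniques of intrusion detection systems. Based on an in-depth analysis and discussion of the strengths and weaknesses of existing intrusion detection models and techniques, and targeting the characteristics of high-speed networks, this paper proposes a tree-structured distributed intrusion detection architecture with a variable number of levels. The structure can be configured dynamically as the network scale changes; nodes are added and removed by registration and deregistration, and every independent node in the tree can be regarded as a complete intrusion detection system. It is implemented using dynamic load balancing and multi-pattern matching based on protocol analysis.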
With the rapid development of high-speed and large-scale networks, intrusion detection places new demands on models, architectures and implementation technology. This paper systematically catalogues and analyses existing intrusion detection models and technologies, and discusses the advantages and disadvantages of each detection analysis technology. A tree-type DIDS architecture with a variable number of levels is proposed for high-speed networks. The tree-type system can be configured freely according to the scale of the network; it adopts registration and cancellation as the way to add or delete a node, with any independent node recognized as an integral IDS. It is implemented with load balancing and multi-pattern matching based on protocol analysis.
Source
Journal of Hengyang Normal University
2006, Issue 3, pp. 73-77 (5 pages)
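Funding
Hengyang Normal University Science Foundation project (2005D01, 2005A04)
Hunan Provincial Department of Education university research project (05C648)
Hunan Provincial Natural Science Foundation project (03jjy3103)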
Keywords
High-speed network
Distributed intrusion detection
Architecture
Load balancing
Pattern matching