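Abstract
With the rapid development of network technology, network security problems are becoming increasingly prominent. A network intrusion detection system must process large volumes of data, and insufficient processing capacity causes intrusion events to go unreported; improving the processing capacity of intrusion detection systems is a key problem that urgently needs to be solved. DRTIDS (distributed real-time intrusion detection system for high-speed networks) is a distributed network intrusion detection system, composed of a single analysis node and multiple sensor nodes, that operates in high-speed networks. The analysis node of DRTIDS applies a traffic distribution strategy based on network hosts, ensuring that network traffic is distributed as evenly as possible.
Centralized solutions for real-time IDS (intrusion detection system) in high-speed networks have now reached their limits because of several technical difficulties in keeping pace with increasing network speed and the communication complexity between applications. A DRTIDS (distributed real-time intrusion detection system) is proposed, which is centered around a load-balanced traffic slicing mechanism that divides the total packet stream into branches of manageable size and guarantees that each branch contains all the evidence necessary to determine a specific attack. With the traffic partitioning done in the analyzer node, multiple sensors can manage packet sub-streams simultaneously. This approach is described in detail.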
Source
《计算机研究与发展》
EI
CSCD
PKU Core (Peking University core journal list)
2004, Issue 4, pp. 667-673 (7 pages)
Journal of Computer Research and Development
Funding
National "863" High-Tech Research and Development Program of China (2001AA142010)
Keywords
network intrusion detection system
distributed architecture
high-speed networks
load balance slicing mechanism
real-time analysis