
Intrusion Detection Technology Research based High-Speed Network


Abstract

Most existing Distributed Intrusion Detection Systems (DIDS) use a master/slave or principal/subordinate structure, in which a master or principal station plays an important role in intrusion detection. This paper presents a framework for a Peer-to-Peer Distributed Network Intrusion Detection System (P2P DNIDS), based on experience gained in a project sponsored by the 30th Research Institute of Administration of Information Industry. In a P2P DNIDS, all IDS stations or subsystems have the same detection capability and perform similar functions; if a single subsystem fails, another subsystem can take over its responsibility, which makes the whole system more robust and flexible. As network trunk speeds increase from Mbps to Gbps, intrusion detection systems face the packet leaking problem, in which some incoming packets go unchecked and bypass the detection routine because of an inadequate checking strategy or insufficient processing speed. This paper addresses this problem by introducing various techniques and tactics such as load balancing, increased checking coverage, and better matching algorithms.