The Architecture of the Large-scale Distributed Intrusion Detection System

摘要

High-speed, large-scale networks present new challenges to an intrusion detection system. These challenges include: the volume of data that must be analyzed, the high-speed data stream that IDS must deal with. To adapt these new demands, this paper propose a novel architecture for Large-scale Distributed Intrusion Detection Systems(LDIDS) that can be applied to large-scale networks. This architecture is based on hierarchy, which consists of a root node, several branch nodes and leaf nodes. In this architecture, each node is an independent IDS, all IDSs constituting the whole LDIDS. The main advantage of this architecture is scalability and collaboration. We describe the framework of the nodes in detail. We also present an implementation of LDIDS which is designed according to the architecture.