RESEARCH OF A HYBRID DISTRIBUTED NETWORK INTRUSION DETECTION SYSTEM

摘要

The distributed intrusion detection system(DIDS) is widely used in large scale networks. Researchers have already proposed well-structured DIDS prototype systems, these systems generally adopt the layered control structure which has disadvantages of single point failure and overload problems in practise. This paper analyzed the drawbacks in early prototypes of DIDS, reviewed their improvements in recent research, and raised a hybrid DIDS structure based on layered structure. This structure mainly focuses on providing basic services to higher level entities in real-time intrusion reporting and further analysis. Alternative solutions to the drawbacks in layered DIDS prototypes are given, which are less costly and more simplified compared to the improvements raised recently. The most popular IDS application, SNORT, is used to construct a sample system using the hybrid DIDS structure as an example.