Intrusion Detection Technology Research based High-Speed Network
Most existing Distributed Intrusion Detection Systems (DIDS) take a master/slave or principal/subordinate structure, where a master or principal station plays an important role in intrusion detection. This paper presents a framework for a Peer-to-Peer Distributed Network Intrusion Detection System (P2P DNIDS) based on the experience gained in a project sponsored by the 30th Research Institute of Administration of Information Industry. In a P2P DNIDS, all the IDS stations or sub-systems have the same detection capability and perform similar functions; if a single subsystem fails, another subsystem can take over its responsibility, which makes the whole system more robust and flexible. With the increase in network trunk speed from Mbps to Gbps, intrusion detection systems have to face the packet leaking problem, in which some of the incoming packets go unchecked and bypass the detection routine because of an inadequate checking strategy or processing speed. This paper handles this problem by introducing various techniques and tactics such as load balancing, increasing checking coverage, and better matching algorithms.
peer-to-peer architecture algorithm special net card
Bo Song, Ming Ye, Jie Li
School of Computer and Communications Engineering Southwest Jiaotong University, Chengdu, 610031, China
International conference
Chengdu
English
206-210
2003-08-27 (date first posted online on the Wanfang platform; does not represent the paper's publication date)