RESEARCH OF A HYBRID DISTRIBUTED NETWORK INTRUSION DETECTION SYSTEM
The distributed intrusion detection system (DIDS) is widely used in large-scale networks. Researchers have already proposed well-structured DIDS prototype systems; these systems generally adopt a layered control structure, which in practice suffers from single points of failure and overload problems. This paper analyzes the drawbacks of early DIDS prototypes, reviews their improvements in recent research, and proposes a hybrid DIDS structure based on the layered structure. This structure mainly focuses on providing basic services to higher-level entities in real-time intrusion reporting and further analysis. Alternative solutions to the drawbacks of layered DIDS prototypes are given, which are less costly and simpler than the recently proposed improvements. The most popular IDS application, SNORT, is used to construct a sample system based on the hybrid DIDS structure.
hybrid distributed intrusion detection system
Qin Li, Danfeng Yan, Fangchun Yang
P.O. Box 187, Beijing University of Posts and Telecommunications, Beijing 100876, China
International conference
Beijing
English
1-5
2008-09-26 (date first made available online on the Wanfang platform; does not represent the paper's publication date)