面向网格计算的按需入侵检测模型

为了解决分布式入侵检测系统缺乏动态组织敏捷性的问题，提出了适应数据网格的按需入侵检测模型.该模型针对网格计算的动态共享性与多域集成性的特点，基于全局检测服务将入侵检测系统分为安全评估模型、工作流编程服务、数据网格环境与检测资源服务四个部分.通过系统级与节点级重构相结合的方式，保证入侵检测系统全局检测服务失败时，能从节点处获得检测服务支持.研究结果表明，与Snort入侵检测系统相比，在局域网(LAN)和广域网(WAN)的实验条件下，基于该模型的分析引擎Higen的检测时间更少，消耗用户时间更少，提高了网格计算环境下协同检测的敏捷性.

Grid computing oriented on-demand intrusion detection model

To solve the problem of lacking dynamic organizing agility in distributed intrusion detection systems,an on-demand intrusion detection model adaptive to the shared data environment was presented.Considering the dynamic sharing and multi-domain integration properties of grid computing,the intrusion detection system consisted of four parts including security estimate system,work flow programming service,data grid environment and detection resource service in the model based on global detection services.By combining the system and node level reconstructions,detection services were ensured from nodes when global detection services of intrusion detection system failed.Results show that compared with the intrusion detection system Snort,the analysis engine program Higen can consume less detection time and user time in local area network(LAN) and wide area network(WAN) experimental environment,and improve the agility of cooperative detection in grid computing.