基于P2P模型的网络入侵检测系统PeerIDS

由于在保护网络信息系统安全方面所起到的越来越重要的作用,入侵检测系统(IDS)近年来一直是一个研究热点。与此同时入侵检测系统的性能问题却没有能得到足够的关注。基于对对等模型(Peer-To-Peer)的应用,论文提出一种分布式网络入侵检测系统-PeerIDS。较之于其他一些常见的分布式入侵检测系统,该系统在设计上注重可靠性而没有诸如单点失效一类的问题。入侵检测工作在由多台运行PeerIDS系统的连网计算机构成的对等网中随具体环境而自动进行迁移以实现公平高效的分布式处理。同时对等模型的应用所带来的可扩展性使得该系统的性能可以通过简单地在网络中增加运行PeerIDS的计算机数目来不断提高,很好地适应了日益严峻的网络安全状况。在完成初始设置后,PeerIDS系统的运行几乎不需要任何使用者的干预,体现了很好的自治性。

PeerIDS-A Distributed Intrusion Detection System Based on the Peer-To-Peer Model

Playing an increasingly important role in security protection of many information systems in the Internet,the intrusion detection system(IDS) becomes a hotspot of research interests nowadays.Yet the performance issues of an IDS have not been paid enough attention.By employing the Peer-to-Peer(P2P) model,which is considered a promising approach to solve many problems in a distributed environment,we have presented in this paper a distributed network intrusion detection system named PeerIDS-an IDS solution values the properties of feasibility,durability and scalability most.Viewing the problem from a different perspective as against its counterparts,PeerIDS will provide the networked computation environment with robust and scalable protection while still stays efficient with the bursting of both types and traffic of malicious attacks through automatically and evenly distribute the intrusion detection Workload among all the cooperating PeerIDS instances.Compared with many other distributed intrusion detection approaches,no single point of failure can be found in a farm of synergized PeerIDS instances.Moreover,PeerIDS entails almost no additional administration work after the installation and first time setup.