摘要
为了提高分布式入侵检测的实时性和安全性,提出了一种可信对等的分布式入侵检测通信框架的模型。该模型借鉴了P2P和代理技术,不同网络节点中的入侵检测代理是对等的,它们之间通过共享检测信息进行整体协防。该模型还借鉴了安全通信技术,在网络中建立了一个认证服务器,不在同一网络节点的任何两个网络进程的通信必须通过该认证服务器,提高了入侵检测自身的安全性。设计实现了一个原型系统,原型系统的实验结果表明了该模型的正确性和可行性。
To improve performance ofreal time and security, a model oftrusted and peer to peer communication framework in distributed intrusion detection is put forward. Using the technology of peer to peer and agent for reference, intrusion detection agents among different network nodes are peer to peer, and they collaborate to prevent intrusion through sharing the information of detection. A authentication server is established in the network by using the technology of secure communication for reference, and every two processes' communication in different network nodes must travel via the authentication server, such that improve the security of intrusion detection itself. A prototype is designed and implemented, and the result of the prototype' s test shows the correctness and feasibility of this model.
出处
《计算机工程与设计》
CSCD
北大核心
2010年第5期969-972,共4页
Computer Engineering and Design
基金
南通大学自然科学基金项目(08Z067)
关键词
分布式
入侵检测
代理
对等
多播
distributed
intrusion detection
Agent
peer topeer
multicast
