With the widespread adoption of computers and networked applications, attacks against networks are increasing steadily, and a series of security technologies has emerged in response. Intrusion Detection Technology (IDT), as an important active defence technology, has long been a major research direction within network security. In a complex, distributed network environment, an Intrusion Detection System (IDS) must combine many kinds of information in order to judge whether an intrusion is taking place.

The paper opens with a comprehensive analysis covering the background of intrusion techniques, their classification and the corresponding detection technologies; current deficiencies and future directions are also given. It then discusses the structure of distributed IDS and the agent technology used to build it, and studies three main distributed IDS models. Because anomaly-based and misuse-based detection draw a sharp line between normal and abnormal status, it is very hard under current Internet conditions to obtain a quantitative evaluation of an attack. Fuzzy-algorithm-based detection has an advantage here: it can weigh all factors together in a comprehensive way.

On the basis of this analysis, a distributed IDS architecture based on a fuzzy algorithm is proposed, with agent technology introduced. The system is composed of fuzzy detection agents, communication agents, fuzzy decision nodes, a rule database and other parts. Fuzzy detection agents collect data and make a preliminary judgement according to the rules. Communication agents aggregate the data from several detection agents and submit it to a fuzzy decision node. Fuzzy decision nodes apply the fuzzy algorithm to the suspicious data to produce a definite judgement and a corresponding response. The paper describes the design and implementation of each part in detail, with the implementation, in particular the generation of the weight matrix and the fuzzy matrix, discussed at greatest length.

Experiments are used to verify the distributed IDS based on the fuzzy algorithm. Common vulnerabilities, attacks and the experimental procedure are given, and on this basis the relevant tests are performed, using a SYN-Flood attack as the worked example of the procedure. The results show that the IDS achieves distributed data collection and distributed intrusion detection, and can meet the requirements of high-speed, high-volume networks.
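The fuzzy decision step described above, written out as an added example that is not the paper's own code: a communication-agent aggregation of detection-agent counters, a fuzzy matrix R built from membership functions, and the judgement vector B = W · R for a SYN-flood window. The feature set, the weight vector W, the SYN-rate cap and the triangular membership shapes are all assumptions chosen for illustration.

```python
"""Fuzzy comprehensive evaluation for SYN-flood judgement (assumed model)."""
from typing import Dict, List

LEVELS = ["normal", "suspicious", "attack"]
FEATURES = ["half_open_ratio", "syn_rate", "syn_share"]  # assumed features
W = [0.4, 0.3, 0.3]          # assumed weight vector, one entry per feature, sums to 1
SYN_RATE_CAP = 200.0         # assumed SYN/s that saturates the syn_rate feature


def aggregate(reports: List[Dict[str, float]]) -> Dict[str, float]:
    """Communication-agent step: agents watch different segments over the same
    window, so counters are summed but the window length is not."""
    total: Dict[str, float] = {}
    for r in reports:
        for k, v in r.items():
            total[k] = max(total.get(k, 0.0), v) if k == "seconds" else total.get(k, 0.0) + v
    return total


def extract_features(c: Dict[str, float]) -> List[float]:
    """Normalise raw counters into [0, 1] values in FEATURES order."""
    syn = max(c["syn"], 1.0)
    return [c["half_open"] / syn,                                   # half-open share of SYNs
            min(c["syn"] / c["seconds"] / SYN_RATE_CAP, 1.0),      # capped SYN rate
            c["syn"] / max(c["packets"], 1.0)]                     # SYN share of all packets


def memberships(x: float) -> List[float]:
    """Triangular membership of x in (normal, suspicious, attack); the three
    functions partition unity, so each fuzzy-matrix row sums to 1."""
    return [max(0.0, 1 - 2 * x), max(0.0, 1 - abs(2 * x - 1)), max(0.0, 2 * x - 1)]


def evaluate(features: List[float]) -> List[float]:
    """B = W . R using the weighted-average operator over the fuzzy matrix R."""
    R = [memberships(x) for x in features]          # one row per feature
    return [sum(W[i] * R[i][j] for i in range(len(W))) for j in range(len(LEVELS))]


def decide(reports: List[Dict[str, float]]) -> str:
    """Fuzzy decision node: aggregate, evaluate, take the level of maximum membership."""
    B = evaluate(extract_features(aggregate(reports)))
    return LEVELS[max(range(len(LEVELS)), key=B.__getitem__)]


# Constructed counters from two detection agents for one source over a 5 s window.
QUIET = [{"syn": 10, "half_open": 1, "packets": 1000, "seconds": 5},
         {"syn": 10, "half_open": 0, "packets": 1000, "seconds": 5}]
FLOOD = [{"syn": 2500, "half_open": 2450, "packets": 2600, "seconds": 5},
         {"syn": 2500, "half_open": 2450, "packets": 2600, "seconds": 5}]

if __name__ == "__main__":
    print(decide(QUIET), decide(FLOOD))   # normal attack
```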