Research Of CORBA-Based Intrusion Detection System

With the rapid development of science and the widespread of information technology, the computer technology, communication technology, and the network technology is developing at an unprecedented pace. Meanwhile, the structure of network system works with shortcomings and instability, so people are facing a series of network security problem brought by hackers' intrusion. To maintain the security of the network system, researchers are exploring and developing various ways of protection, from simple ways of static protection to dynamic protection. Therefore, as a very important dynamic protection technology, the intrusion detection technology becomes a hotspot for recent years.This research discusses the issue from the following aspects. Firstly, the present study compares the various existing intrusion detection technology and analyzes their advantages and disadvantages. Secondly, the structures of the various intrusion detection systems, in particular that of the distributed intrusion detection system have been analyzed and the three most popular middleware technology used in the distributed intrusion detection system has been compared. Thirdly, the study investigates the expansibility of the system and demonstrates the advantages of the introduction of CORBA technology into IDS, especially the use of its Software BUS to achieve the expansibility.Then the paper not only proposes a solution suitable for high-speed network intrusion detection system but also designs and implements a CORBA-based intrusion detection system model. The new system flexibly combines the distributed detector and the control reactor. The good expansibility of the new system, in particular the use of the directory service of CORBA makes the control of the reactor for the detector more convenient, that is to say, the old detector as well as the new detector can be managed by designating the sole name. In particular the new detectors can be used with no changes of the code of the control reactor.This work is to carry out a model system with CORBA technology, specifically, the detection technology is error detection, which is model recognition technology, belonging to network intrusion detection system. In future, error accumulative detector and intrusion-detection based on mainframe can also be added to this system. We develop this system with C++, on Windows and Linux. Thanks to the share-operating system and share-languages of CORBA, there might be more developing part added to the system with more operating systems and languages. Moreover, CORBA is able to cooperate with all kinds of distributed system, so the whole system can take advantage of every sub-system, which means more than one technology. The last but not least, the efficiency is very important no matter what technology it is.