Research Of Network Intrusion Detection System Model Base On Role Collaboration

With the expansion of the Internet application and the popularization of computer application, the relationship between people and the Internet is becoming closer and closer. Computer network has benefited people a lot, at the same time, it also brings high security risk. To solve these problems, people pay more attention to intrusion detection system which has the ability of active defense. The network data to be captured and detected increases quickly for the rapid growth of network bandwidth, it leads to the handling ability of intrusion detection system in packet becoming bottleneck problem, so load balancing technology becomes one of the key technologies to solve the problem. Load balancing technology evenly distributes the tasks to be disposed to multiple processor nodes, and builds up a strong system by using existing processor, which saves the cost.We can regard the equalized assignment processor nodes as a problem of role collaboration. To solve the problem, this paper introduces E-CARGO model. E-CARGO model is a kind of role-based model, and it has solved a lot of questions about the group collaboration. It is increasingly paid attention to by scholars at home and abroad.Firstly, combining the features of high-speed network intrusion detection, this paper puts forward a multilevel structure of the collaborative intrusion detection by E-CARGO model, and each level in the structure both has a load balancer. This paper also studies the roles existing in the structure. In order to achieve the goal of parallel processing, event detection role is divided into four roles:TCP event detection, event detection UPD, ICMP event detection and application layer event detection. Then, every role is defined by the E-CARGO model, and Agents are managed by using the formation way of group as unit. This part discusses the flexible group of intrusive detection, and the strategy of distribution and reclamation.Secondly, this paper designs a load balancer according to E-CARGO model, and the load balancer uses regular feedback mechanism and dynamically gets load information from each processor node, and then it evaluates the ability of the Agent according to the information. Load-balance algorithm distributes the tasks on the basis of the results of the assessment. The ability of the Agent relates three factors:the load condition of itself, the performance of processor nodes and the task size to be dealt. Therefore, this paper considers the above factors in evaluating the capabilities of the role that Agent plays. This paper introduces an evaluation matrix for calculating easily, and the matrix digitally shows the capability of the character that Agent plays.Finally, Simulation experiment was carried out in the paper. The experimental results show that it not only has significant advantages on time complexity, but also in terms of load rate and packet loss rate.