Research on Load Balancing in a PC-Based Network Intrusion Detection System
Abstract: In recent years, growing network traffic, increasingly complex network structures, and an endless stream of attacks have left the traditional IDS, which is built on load-balancing technology and centralized management, with poor scalability and adaptability, so that it can no longer meet the requirements of the current network environment. This paper designs a load-balancing technology for a cluster-based intrusion detection system (HMNIDS). Through centralized data collection, layered data analysis, and collaborative detection by multiple detection engines, we solve the traditional IDS's problems of poor adaptability and scalability in high-speed, complex network environments. The whole system is divided into three modules, each with its own clearly defined function. The main research results and innovations are as follows. First, taking into account its connection to the detection module, we designed a data stream distribution module with a dynamic load-balancing algorithm that adjusts the distribution strategy dynamically according to information sent by the detection machines. Second, we added to the data stream distribution module a function that forecasts suspicious data streams from a macroscopic view, and proposed the concept of Access Pack Densities together with a formula for calculating it. Furthermore, load balancing is designed to be carried out by two computers that process different data, which increases the speed of data distribution. Third, the data capture module uses the Trunk and PortMirror technologies of the switch in a new structure in which multiple data capture machines gather data from the backbone network. Finally, we designed a simulated network environment suited to testing this system and carried out a test experiment on HMNIDS in that environment. Performance analysis and experiments demonstrate that the model is scalable, dispatches packets reasonably, and uses the intrusion detection system's resources effectively.