CLC number: TP393 Document code: A DOI: 10.19358/j.issn.2096-5133.2020.07.005 Citation format: Yang Ruizeng, Chen Tianying, Li Yupan. Broad-scale distributed intrusion detection system [J]. Information Technology and Network Security, 2020, 39(7): 31-35.
Broad-scale distributed intrusion detection system
Yang Ruizeng (1), Chen Tianying (2), Li Yupan (3)
1. National Computer System Engineering Research Institute of China, Beijing 100083, China; 2. Graduate School, China Academy of Railway Sciences, Beijing 100081, China; 3. Beijing Jiaotong University, Beijing 100044, China
Abstract: In this paper, a large-scale distributed intrusion detection system (broad-scale distributed intrusion detection system, BDIDS) architecture is proposed to discover multi-level, multi-means attacks. These attacks are anomalies that span multiple subnets of a distributed network. BDIDS consists of two key components: a big data processing engine and an analysis engine. Big data processing is done through HAMR, a next-generation in-memory MapReduce engine. According to reports, HAMR greatly improves on the speed of existing big data solutions across a range of analysis algorithms. The analysis engine includes a novel integrated algorithm that extracts training data from clusters of alerts gathered from multiple IDSs. Based on the high similarity between the clusters and known potential attacks, clustering is used as a preprocessing step to relabel the data set. The overall goal is to predict multi-means, multi-level attacks distributed across multiple subnets; attacks that are not evaluated in such a comprehensive manner are very likely to be missed.
Key words: big data; distributed intrusion detection system; integrated learning
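The cluster-then-relabel preprocessing step described in the abstract, as an added illustration (not the BDIDS authors' code): alerts collected from several subnets are clustered, and a cluster is relabelled with a known attack name when its centroid lies close to that attack's prototype. The alerts, the three features, the prototypes and the distance threshold are all constructed assumptions.

```python
"""Cluster-then-relabel preprocessing for IDS alerts gathered from several
subnets. Added illustration, not the BDIDS authors' code; the features,
prototypes, threshold and alerts below are constructed."""
import math

# Constructed alerts: (subnet, unique_dst_ports, conn_per_min, failed_logins).
# Each subnet's local IDS saw only its own slice, so no alert carries a label.
ALERTS = [
    ("10.1.0.0/24", 50, 200, 0), ("10.1.0.0/24", 60, 220, 1), ("10.2.0.0/24", 55, 210, 0),
    ("10.2.0.0/24", 1, 30, 40), ("10.3.0.0/24", 1, 35, 45), ("10.3.0.0/24", 2, 28, 38),
    ("10.1.0.0/24", 2, 5, 0), ("10.2.0.0/24", 3, 4, 1), ("10.3.0.0/24", 1, 6, 0),
]
# Constructed prototypes of known attack behaviour in the same feature space.
KNOWN_ATTACKS = {"port_scan": (55, 210, 0), "brute_force": (1, 30, 42)}
RELABEL_THRESHOLD = 15.0  # max centroid-to-prototype distance to adopt a label

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, rounds=20):
    """Deterministic k-means: farthest-point seeding, then Lloyd iterations."""
    centroids = [points[0]]
    while len(centroids) < k:  # seed with the point farthest from all seeds so far
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    assign = []
    for _ in range(rounds):
        assign = [min(range(k), key=lambda i: dist(p, centroids[i])) for p in points]
        for i in range(k):
            members = [p for p, a in zip(points, assign) if a == i]
            if members:
                centroids[i] = tuple(sum(col) / len(members) for col in zip(*members))
    return centroids, assign

def relabel_alerts(alerts, known=KNOWN_ATTACKS, k=3, threshold=RELABEL_THRESHOLD):
    """Label every alert by the known attack its whole cluster most resembles."""
    points = [a[1:] for a in alerts]
    centroids, assign = kmeans(points, k)
    cluster_label = []
    for c in centroids:
        name, d = min(((n, dist(c, proto)) for n, proto in known.items()), key=lambda t: t[1])
        cluster_label.append(name if d <= threshold else "unknown")  # far from all: keep unknown
    return [cluster_label[a] for a in assign]

if __name__ == "__main__":
    for alert, label in zip(ALERTS, relabel_alerts(ALERTS)):
        print(alert[0], alert[1:], "->", label)
```

Alerts that no single subnet's IDS could classify on its own end up labelled through the cluster they share with alerts from other subnets, which is the cross-subnet effect the abstract is after.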