37 results about "Distributed intrusion detection" patented technology

The invention provides a distributed intrusion detection system and a distributed intrusion detection method applied to dynamic virtualization environment. The system comprises a detection management center, and intrusion detection engines positioned on physical servers, wherein the detection management center is used for acquiring information of a source physical server and a target physical server to which the current virtual machine belongs before and after migration; a virtualization management server in a virtualization platform performs intrusion detection stop configuration on the intrusion detection engine on the source physical server and performs intrusion detection start configuration on the intrusion detection engine on the target physical server; and the intrusion detection engines are used for performing intrusion detection on specific virtual machines on the corresponding physical servers after an intrusion detection start safety strategy is configured, and stopping intrusion detection of the specific virtual machines on the corresponding physical servers after an intrusion detection stop safety strategy is configured. By the system and the method, the virtual machines can be continuously monitored.

The invention discloses a vehicle networking abnormal intrusion detection method based on traffic flow density difference, belonging to the field of vehicle networking and network intrusion detection.The invention is provided with an event analysis module in a vehicle-mounted unit and a roadside base station. Firstly, a distributed intrusion detection mechanism or a centralized intrusion detection mechanism is selected according to the difference of the actual traffic flow density in the road network. Then, the network information and traffic information in the vehicle node are obtained by the vehicle unit, and the anomaly intrusion detection in the vehicle network environment is realized by using the event analysis module of the vehicle computer or the roadbed computer and the weighted improved naive Bayesian algorithm to classify the information. The two detection mechanisms of the invention cooperate with each other so that the vehicle node can be detected under any moving speed, thus ensuring the integrity and high efficiency of the intrusion detection, and solving the problem that the traditional intrusion detection system is not adapted to the dynamic change of the vehicle networking communication and the network node moves quickly.

The invention discloses a distributed intrusion detection system and a connecting method of centralized management in the same, improving the security of a detection engine in the distributed intrusion detection system. The method mainly comprises the following steps of: starting a monitoring opening by a management control center; detecting the management control center by the detection engine; sending an identity authentication request to the management control center by the detection engine for identity authentication; and establishing communication connection between the detection engine and the management control center after the management control center is authenticated. Compared with the prior art, the technical scheme provided by the invention greatly lowers the communication management complexity of the distributed intrusion detection system, improves the security of the detection engine and reduces the workload of a system administrator.

The invention discloses an element identifier distribution method and an application layer routing method based on element identifier, which is applied in centralized-management multilayer distributed systems. In the method, node elements and element identifier of each level of a distributed system are established layer by layer; a routing table item based on the element identifier is generated in the process of generating and distributing the element identifier; and addressing is performed through the element identifier during communication so as to realize application layer routing based on the element identifier, which is needed by the communication of the centralized-management distributed system. The invention also provides a plurality of default routing rules of the routing method. The application layer routing method which is generated in the invention and based on element identifier is unrelated to TCP / IP (Transmission Control Protocol / Internet Protocol) routing methods, has the characteristics of simplicity, practicability, stability, reliability and resource conservation, and can meet special needs of distributed intrusion detection systems, distributed network auditing systems and various centralized-management multilayer distributed systems.

The invention discloses an intrusion detection system based on brain-inspired computing, which includes management and control nodes, distributed detection nodes, an SDN switching network, and a brain-inspired computing platform; the management and control nodes are used to manage and control distributed intrusion detection nodes; The distributed detection node is used to detect the allocated network traffic, and combined with the support of the brain-inspired computing platform, judges in real time whether there is an intrusion behavior; the SDN switching network is used to replicate and / or distribute the network traffic distribution; the brain-inspired computing platform is used to provide computing power support for the management and control nodes, the distributed detection nodes, and the SDN switching network. The invention realizes intelligent detection strategy management and control, intelligent detection flow control and rapid real-time detection.

The invention discloses a distributed intrusion detection method based on an ant colony algorithm. The distributed intrusion detection method comprises the following processes: starting, initializinga distributed sensor, setting parameters of the ant colony algorithm based on attribute decision making, constructing a decision tree structure definition rule, setting ants on sensor nodes, determining a next node of data fusion, partially updating the information factors of an ant selection path, trimming the decision tree, and updating all information factors of the ant selection path, if an optimal path is not discovered, returning to the step of partially updating the information factors of the ant selection path; and finding the optimal path, creating the optimal path, and fusing data information. Compared with the prior art, the distributed intrusion detection method has the advantages of improving the detection efficiency of data intrusion in a network system, reducing the energy consumption and effectively guaranteeing the security of the distributed network system.

The invention relates to the field of network communication, in particular to a distributed intrusion detection method, a distributed intrusion detection device and a distributed intrusion detection system. The method comprises the following steps of: acquiring own flow information and generating a flow table; calculating early warning information according to the flow table; when the flow table only comprises own flow information or when the early warning information meets neighbor communication conditions, acquiring the flow information of a neighbor node and flow information acquisition time, and updating the flow table and the early warning information; when the early warning information meets global communication conditions, acquiring the flow information of a global node and the flow information acquisition time, and updating the flow table and the early warning information; and when the early warning information meets early warning conditions, performing intrusion early-warning. In the technical scheme provided by the embodiment of the invention, only the flow information of the neighbor node needs acquiring when the early warning information meets the neighbor communication conditions, so the data traffic in distributed intrusion detection is reduced and the influence of the distributed intrusion detection on network performance is reduced.