1. Implement A Network Intrusion Detection System Using a Design Pattern: Virtual Interface Machine to Improve Decoupling and Efficiency of Development? 授課教授：張顧耀 學生：薛丁瑋

2. Outline  Introduction  Problems about decoupling and UI Design  Virtual Interface Machine  Use Virtual Interface Machine in Network Intrusion Detection System  Conclusion

3. 作者 & 出處  Han Hong; Lu Xianliang; Lu Jun; Cheng Bo;  Communications, Circuits and Systems and West Sino Expositions, IEEE 2002 International Conference

4. Introduction  There is an eternal theme in software engineering. Reuse Maintenance  There are some existing design patterns to handle the problem. MVC Mediator pattern Observer pattern Virtual Proxy pattern

5. Introduction (Cont.)  We present a design pattern called Virtual Interface Machine that achieves three goals. Separate UI from logic layer sharply and easily construct logic layer to form hierarchy system Decouple components of UI absolutely The pattern provides a method to combine graceful design style with drag-and-drop way of RAD tools.

6. Problems about decoupling and UI Design  There are three problems in UI design. First, how to separate UI from logic layer gracefully. Second, we call sub-logic problem is obscure and subtle. Third, concerned with a contradiction between efficiency and reuse.

7. Virtual Interface Machine  Virtual Interface Machine, of which the motivation is to decouple components of UI absolutely and to separate UI form logic layer entirely.

8. Virtual Interface Machine (Cont.)

9.  The declarations of relative methods are as following:

10. Virtual Interface Machine (Cont.)  When needing a service, the client could connect to the server by sending message. We call this way Notify-Connect mechanism that is the key to decoupling in the pattern.  About the problem of efficiency of development. We present an approach called drag-drop-and- add.

11. Use Virtual Interface Machine in Network Intrusion Detection System  We show two cases in which we could apply Virtual Interface Machine pattern. One is to decouple components of UI. The other is to structure Logic Layer.  We will combine both cases into one example. In addition, the instance shows the approach we call drag-drop- and-add.

12. Use Virtual Interface Machine in Network Intrusion Detection System (Cont.)  In our design, we have two VIM ： TAlarmUI is used to decouple UI components. TDetectEngine is used to decouple logic layer.

13. Use Virtual Interface Machine in Network Intrusion Detection System (Cont.)  TAlarmUI works as following ： First we align our UI in drag-and-drop way. Every TVirComponent is created and then the related visual component is added into TAlarmUI by calling AddCommponent. If one TVirComponent is triggered, it will broadcast a message to notify the trigger, and transfers relative parameter to others.

14. Use Virtual Interface Machine in Network Intrusion Detection System (Cont.)  We use TDetectEngine to structure logic layer. Every method of detection is encapsulated in TDetector that is subclass of TVirtualComponent. Packet capture module called TPacketCapture is also build as a subclass of TVirtualComponent.  When add TDetector and TPacketCapture into TDetectEngine, they could work together. (TDetector get packet from TPacketCapture).

15. Use Virtual Interface Machine in Network Intrusion Detection System (Cont.)  This architecture could easily have TDetectors cooperate together.  That means we could have both advantages of two architectures: Pipeline Implicit invocation

16. Use Virtual Interface Machine in Network Intrusion Detection System (Cont.)  Example All Object could work together by TDetecEngine Analyze DoS attack  Detection begin from traffic level  DoS detection  Up to distribute DoS detection  Globle level detection

17. Conclusion  Find a key factor to reuse is how to reuse the sub-logic layer that should be decentralized, not centralized in single object.  The pattern benefits from efficiency of RAD tools in UI design in a drag-drop-and-add way with high reusability and maintainability.