Research On Intrusion Detection Message Cooperation Middleware

Posted on: 2006-09-01
Degree: Master
Type: Thesis
Country: China
Candidate: G D Li
GTID: 2168360155460002
Subject: Computer application technology
Abstract/Summary:
The dissertation analyzes the evolution of the architecture of Distributed Intrusion Detection Systems (DIDS) and the ways components in a DIDS share information, and then studies the communication mechanisms in the Common Intrusion Detection Framework (CIDF), the Intrusion Detection Exchange Protocol (IDXP), and those adopted by existing DIDSs. These solutions leave two problems unaddressed. First, the heterogeneity involved in message transmission is not considered, or is considered only incompletely, which makes component integration in a heterogeneous network inconvenient. Second, no query function is supported, which makes cooperative detection among components inconvenient. To achieve cooperative detection, sending components must send all detected information to receiving ones; otherwise, the latter may miss some important information. Receiving parties therefore have to spend resources processing unwanted messages and may be overwhelmed by them. Meanwhile, some network bandwidth is also wasted.

To solve these two problems, the dissertation proposes a solution that combines Message Oriented Middleware (MOM) with Semantic Web technology. On the Semantic Web side, DAML+OIL, an ontology description language, is used to define an ontology describing intrusion detection event types; semantic matching based on that ontology, together with interaction among Agents, provides publication, withdrawal, and query of intrusion event types. On the MOM side, the CORBA Notification Service handles message transmission to overcome heterogeneity and cooperates with the information query function. Based on this solution, the dissertation describes how a prototype of the Intrusion Detection Message Cooperation Middleware is implemented with toolkits including JADE, Jena, DamlJessKB, Jess and TAO. Finally, an example shows how to apply the prototype to distributed event correlation.
Keywords/Search Tags: Distributed Intrusion Detection System, component communication, Semantic Web, Ontology, Message Oriented Middleware, CORBA