Research Of Distributed Intrusion Detection Model Based On Immune Agent

As the network, we need to respond to the network security issues are also more and more. Such as digital signatures, access control, firewall, such as traditional network security technologies is a good meet network security needs. Network security is becoming the Internet and network service and application further develop the necessary resolve critical issues. Intrusion detection is the last few years the new network security technologies. It is effectively to compensate for the traditional network security technologies is not enough for Network Security provides real-time intrusion detection and the appropriate protective measures.Facing the fast developing Internet, the ability of traditional intrusion detection system becomes weaker. This paper focuses on introducing computer immunity and mobile-agent technology into the traditional intrusion detection system to design a computer's immunity-based mobile-agent intrusion detection system. These agents can mutually recognize each other's actives and can take appropriate action according the underlining security policies. This research is the part of an effort to develop a mobile-Agent detection system that can simultaneously monitor networked computer's activities at different levels, such as network level, user level, and system level. Compared with the traditional system, this system is flexible, distributed, and intelligent and so on. It can finish the intrusion detection and defense completely.Firstly this paper introduces the research of Intrusion Detection System based on immune principle. Secondly this article especially analyses the usable characteristic of the technology and gives us research revelations, on this basis a new kind of intrusion detection system model is presented based on the immune agent. Based on above discussion a design blue print is provided in detail, which including functions of each module, infrastructure, working flow and algorithms and algorithms of each part and the cooperation scheme among Agent. Expatiated on several aspects such as how to express the network data to antigen, how to produce antibody to detect the antigen, how to organize the Agents to realize distributed intrusion detection and how to response to intrusion, etc.Based on above design, the module of detection and responding is emulated in the system. Robust and autonomy quality are analyzed toward the model system. Afterwards these theses evaluate the performance from quantitative and qualitative aspects through experiments.