
Design And Implement For An Mobile Agent Based Adaptive Distributed Intrusion Detection System

Posted on: 2006-07-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Wang
Full Text: PDF
GTID: 1118360152987504
Subject: Computer application technology
Abstract/Summary:
With the development of network technology and its applications, network security is becoming increasingly important. Network-based intrusion detection systems must process so much data that false positives and false negatives often occur. Research on improving intrusion detection system performance is therefore both challenging and important.

In this paper, the mechanisms of, methods for, and countermeasures related to improving intrusion detection system performance are discussed. Several improvements to intrusion detection systems are then given, which reduce the false positive rate and false negative rate and increase detection speed.

Previous research has mostly focused on new detection algorithms rather than on the optimization of current algorithms. MAAIDS, an acronym for mobile agent based adaptive distributed intrusion detection system, is proposed to enhance intrusion detection system performance. We explain the design and implementation of agents, which operate based on their (possibly imperfect) beliefs about the current status of the network and use their plans and capabilities to cope with real-world intrusion detection and automated response problems. MAAIDS can optimize itself through a mobile agent named the Improvement Agent. The Improvement Agent roves and evaluates the performance of the Data Analysis Agent on whose host it currently resides. According to the evaluation, the Improvement Agent makes an optimization plan to make the most of the capacity of the Data Analysis Agent. Compared to traditional distributed intrusion detection systems, MAAIDS is a more adaptive and efficient system.

Because MAAIDS is an adaptive system, an optimization mechanism is proposed here. It consists of three parts: an optimization judgement mechanism, an optimization plan creation mechanism and an optimization plan evaluation mechanism. Through these three procedures, an optimization plan is produced. The optimization plan includes a data packet distribution plan and a detection algorithm switch plan. The data packet distribution plan ensures that most packets are sent to the appropriate analysis components, which process them with higher efficiency. The detection algorithm switch plan is responsible for ensuring that analysis components choose appropriate detection algorithms most of the time. From the candidate optimization plans, the best plan is chosen for execution by a genetic algorithm.

Here the components of MAAIDS are investigated in terms of agents. Component structures and intelligent attributes are established. We also set up a communication protocol and model between components so that components can interact with each other while MAAIDS is working. Through these interactions, MAAIDS becomes a more intelligent intrusion detection system.
Keywords/Search Tags:Mobile Agent, Intrusion Detection, Distributed, Adaptive, Optimization