The Research On Self-Protection System Based On Multi-Agent

With the development of Information technology, Network security is gettingmore and more important. Several key technologies of network security are studiedand analyzed systematically in this dissertation. They are network security model, themechanism of Distributed Denial of Service (DDoS) Attack defending, clusteringalgorithms for network intrusion detection, information encryption algorithm, andautonomic intrusion response.Some innovations have been achieved and presented in this dissertation:Having studied the currently network security and agent technology, thisdissertation presents a self-protection model based on multi-agent and describes thecomponents and property of this model in detail.DDoS is one of the greatest menaces to Internet. The existed mechanism fordefending DDoS can't distinguish normal network packets and attack network packetswhen the contents of network packets of DDoS are randomized. This dissertationpresents a mechanism for defending distributed denial of service attack which candetect the presence of a potential DDoS attack and divert attack traffic destined for thenetwork being monitored without affecting the flow of legitimate traffic. Emulationshows that this mechanism for defending DDoS is effective and feasible.Data mining has unique advantages in acquiring unknown knowledge. So,intrusion detection based on data mining becomes a hot issue. This dissertationpresents an Improved Partitioning Around Medoids (IPAM) algorithm and evaluated itperformance on the network connection data sets. Experiment studies show that thisalgorithm is feasible and effective for unknown intrusion detection.In this dissertation a new word-oriented stream cipher which based onconventional encryption algorithm is presented. A complete description of thealgorithm, an evaluation of its security properties, performance and implementationaspects are given. The cryptanalysis of this algorithm does not reveal an attack betterthan exhaustive key search. The Speed of this algorithm is as fast as commonly blockciphers.At last, a cost-sensitive model based on reliability degree is proposed. Then anautomated intrusion response technique that is based on multi-source Eventscorrelation is introduced and a prototype of automated intrusion response has beenimplemented.