Research And Implementation Of A Mobile Agent Based Network Management And Intrusion Detection System

Large-scale computer networks, such as Internet, and their applications, have proposed new requirements of network management (NM), especially the security management. Traditional centralized NM systems can, however, hardly meet such requirements. Therefore, it's necessary for us to investigate and find out new, effective NM model and technology for the development of practical NM systems.Mobile Agent (MA), compared with traditional C/S model, is a novel network computing paradigm, which has some attractive features, such as dynamic adaptability, heterogeneity, robusticity and fault tolerance. It can effectively reduce the network traffic and delay, can be independent of different network protocols, and can also support mobile devices.The purpose of this thesis is to explore a new NM model and the relevant development technology. The emphasis is put on the research of the feasibility in applying MA to the distributed NM and ID(Intrusion Detection) systems. The work of this paper is significant to large-scale network application, and the development of NM systems, especially ID systems.Main contributions of the thesis are:First, we propose a MA-based model of NM and ID. Framework of the model, what kinds of MAs and how many of them should be introduced, are discussed.Second, based on this model, we designed and implemented a distributed NM and ID system, called as NetMIDS. Problems in the system development, such as MA functionality, structure, and MA's composition, are deeply analyzed.Third, problems are discussed in detail in using the system in some special environment, such as, in the situation that SNMP devices and MA devices have to work together, or when a host locate in an intranet and has no IP address.In practice, NetMIDS, working with a CORBA-based ID system, can be used to install, configure, update and start CP(Check Point). It can also query environment information and network device status of each CP by using MA. Real performance shows that NetMIDS has strengths, such as heterogeneity, distribution, scalability, flexibility, extensibility, robusticity and application-oriented. It can be beneficial to network managers and reduce misoperation and enhance the efficiency of NM.