Agent-based Distributed Intrusion Detection System DIDIAs

Posted on: 2003-07-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y Yang
Full Text: PDF
GTID: 2168360065460076
Subject: Applied Mathematics

Abstract/Summary:
This thesis explores network-based intrusion detection technology and constructs an agent-based distributed intrusion detection system, DIDIAs. First, the causes of the security problems of the Internet and the advantages and disadvantages of popular network security technologies are analyzed. Because intrusion detection plays an essential role in network security, research on intrusion detection techniques is of great importance. The advantages and disadvantages of misuse detection and anomaly detection are analyzed in turn, and the cost and security performance of IDSs of various architectures are also discussed.

Building on this research into intrusion detection technology, an agent-based distributed intrusion detection system, DIDIAs, is designed and implemented. The system consists of three modules: agent, transceiver and monitor. DIDIAs can be distributed over any number of hosts in a network, and each host holds a certain number of agents. The agent, which does data gathering and processing, is the most active component. The agents on each host report their findings to a transceiver. The transceiver, which is the control unit of the agents and is responsible for host-based intrusion detection, reports its result to a monitor after reducing the data received from the agents. The monitor, which is the control entity of the transceivers residing on the hosts of the protected network, can be organized in a hierarchical fashion such that a monitor can be responsible for network-based intrusion detection.

Communication is the key problem in distributed systems. In DIDIAs, pipes are chosen for intra-host communication and sockets for inter-host communication. The detailed implementation of DIDIAs is given in the thesis: the states of entities, the messages, and the I/O subroutines responsible for transmitting messages are introduced first, and then the implementations of the agent, transceiver and monitor are presented in turn. DIDIAs runs on networked hosts with Unix/Linux operating systems. It is capable of both host-based and network-based intrusion detection.
Keywords/Search Tags: Network security, Distributed Intrusion Detection, Agent