| Because of the development of the Internet, it becomes more and more important to improve the security of networks, and studies of network security technologies also become a little bit hot. being the last strobe of security, Intrusion detection system also defends the other security sub-system. Due to its essential role in network security, research on intrusion detection techniques is of great importance.Firstly, causes of the security problems of Internet, the advantages and the disadvantages of the popular network security technologies were analyzed in this thesis. Then the advantages and the disadvantages of current intrusion detection system were studied.In numerous intrusion methods, the attack from the bounce host is more difficult to defend. This paper aims at this kind of attack method, proposes a framework model of a distributed-IDS based on soft Agents and builds a prototype on this model. This model is a hierarchical tree structure, agents on the tree leaves and middle nodes collect and analyse pre-defined audit data. The central server will receive and analyse the results made by agents, then make response.The integration of UML and Colored Petri Nets is examined .in modeling phase. We use UML to describe the whole system architecture, and use Colored Petri Nets to describe intrusions and specify agent design.At last, we build a prototype of this model on Java platform. This prototype running in Linux/Windows environments, and can detect Ftp bounce attack.
|
PDF Full Text Request