An Agent-based Distributed Intrusion Detection System

Posted on: 2004-08-20
Degree: Master
Type: Thesis
Country: China
Candidate: W Su
Full Text: PDF
GTID: 2168360092992217
Subject: Computer applications
Abstract/Summary:
This thesis analyzes the current state of network security and a representative network security model called P2DR. Based on the P2DR model, the popular network security technologies are analyzed and compared. Because intrusion detection holds an important position and plays an essential role in the P2DR model, research on intrusion detection techniques is of great importance.

Intrusion detection technology is analyzed and explored, and an Agent-based Distributed Intrusion Detection Model is presented in this thesis. Based on this model, an Agent-based Distributed Intrusion Detection System called A_DIDS is developed. A_DIDS can be deployed on any host in the network. Its four-tier distributed architecture and flexible agent system make it well suited to distribution and scaling.

The agent system of A_DIDS consists of four modules: monitor agent, state detection agent, intrusion detection agent and auto response agent. The agents work independently and also cooperate to accomplish intrusion detection. Thanks to the agent system, A_DIDS forms a unified intrusion detection system that is capable of both host-based and network-based intrusion detection.

In the implementation of the network detection engine, protocol analysis and pattern matching are adopted to reduce the search scope and improve detection speed. We also improved the pattern matching algorithm, so the network detection engine performs more quickly. In the implementation of the host detection engine, multiple detection and analysis technologies are adopted, including network detection interface technology, which enables A_DIDS to work well on switched networks.

A_DIDS has been implemented and run on UNIX/LINUX systems. Running it shows that it is a good intrusion detection system.
Keywords/Search Tags:network security, intrusion detection, distributed, agent