The Research Of Multi-agent Intrusion Detection Based On Bayesian Classification

With Internet being prevalent, more and more attacks occur over the web, and they are increasingly sly. Security policy of passive resistance can't effectively resist the attacks. It is imperative to combine passive resistance and active detection to make networks and computer systems safer, and as a result, to protect important data and information from illegal intrusion.Intrusion detection is an additional security barrier for networks and computer systems, and it is supposed to detect intrusion which has got across resistance barrier. It is an active security technology. But there exist serious problems such as erroneous and missing reports in present intrusion detection system, which greatly impair the effects in protecting networks and computer systems.The thesis mends intrusion detection systems from the points of view of both software architecture and detecting measures. It enhances the correctness of intrusion detection, and decrease the occurrence rate of erroneous and missing reports.In this thesis, agent technology is introduced into intrusion detection systems, and traditional centralized intrusion detection systems are replaced by the distributed ones. Agent technology increases the intelligence of detection systems. The multi-agent intrusion detection system model which was brought forward by Ma hengtai in Institute of Software, Chinese Academy of Sciences, has been improved in this thesis; our algorithm enables agents to exert their effects much more effectively.Detecting measure is an important landmark as to how intrusion detection system works, and it is one of our research focuses. Abnormal detection based on Bayesian classification is a brand-new detecting measure introduced in the dissertation. Computer system behavior model is made by Bayesian classification, which utilizes its advantage in solving uncertain problems, with the help of this model to decide whether there is intrusion to the computer systems. This detecting measure is rather feasible, which has been proved by the experimental cases. And it greatly improves the correctness of intrusion detection.Agent technology and Bayesian classification greatly complement intrusion detection technology. They effectively enhance the accuracy of intrusion detection and reduce the erroneous and missing reports.