| The Internet has brought about great convenience to the information sharing and interchange, along with the severe challenge to the information security. As a result, the information security is playing a more and more important role in the information system.As an active protection measure for the information security, the intrusion detection effectively makes up the deficiency in the traditional security protection technology.This paper, firstly, introduce the relative work in the aspect of distributed intrusion detection. On the basis of analyzing the existing model of distributed intrusion detection, this paper brings forward an agent-based model framework of the distributed intrusion detection system. Integrating the network-based and host-based intrusion detection methods, the model uses the agent technology to detect the intrusion in the distributed environment. Enjoying the good extendibility of the model, new agents can easily add themselves to the system.The paper, concerning the aspects of systematic structure, strategic management and detection technology, mainly focuses on bringing forward and implementing the intrusion detection methods so as to meet the requirement of the large-scaled and distributed system. The center module of system manages the alarms coming from all agents, each of whom also enjoy some autonomy at the same time andcan fulfill some detective task independently. Moreover, this system module also adopts some state-check method that can protect the security of the whole system. The implement of the model has been tested under Linux system, while the structure model of the system, a general distributed intrusion detection system module, has no certain requirement for the environment.As an important research area of the network security, the distributed intrusion detection is one area that still remains many problems and technical difficulties to be solved. In the closing part of the paper, further improvement of the system has been proposed.
|
PDF Full Text Request