Design And Implementation Of Mobile Agent Based Distributed Network Intrusion Immune System

With the network having become more common, the network security problem is becoming urgent. Among the diversity of security technologies, intrusion detection technology is one of the focuses. This thesis at first elicits the situation of nowadays intrusion detection technology and Intrusion Detection System (IDS) after explaining the basic concept of intrusion detection. Then on the basis of analyzing some representative IDSs the shortcomings existing in traditional IDS are presented, such as being lack of distribute distributivity, flexibility, interoperability etc. Therefore new technologies are needed for explored to improve the overall performance of IDS.Supported by the National Natural Science Foundation (69883005), this dissertation launches out into researching applying new rising intrusion detection technologies in building next generation intrusion detection system.In recent years, biological immune system are being paid more and more attention due to its functions of distributed information processing, which is applied to system design in many field including pattern recognition, fault diagnosis, virus detection. Intrusion detection systems should protect computers or network from damage of hackers, which is similar in functionality to the immune system protecting the body (self) from invasion by inimical microbes (nonself). On this aspect, biological immune system can be made important use for reference in the field of intrusion detection system. On the other hand, Mobile Agent is an emerging distributed computing technology. Its mobility and flexibility are perfectly fit for develop new generation of IDS. This thesis systematically introduced the basis theories of these two technologies and analyzed their characteristics and advantages, which provides comprehensive understanding of the key technologies used in this thesis.And then this thesis put forward the design objects of our system, compared the similarities between immune system and IDS and immune system and Mobile Agent system, presenting the design thought that simulating the immune system using Mobile Agent to detect intrusions. Based on above discussion a design blue print is provided in detail, which including functions of each module, infrastructure, working flow and algorithms of each part and the cooperation scheme among Agents. Expatiated on several aspects such as how to express the network data to antigen, how to produce antibody todetect the antigen, how to organize the Agents to realize distributed intrusion detection and how to response to intrusion, etc.Based on above design, this thesis introduced the developing circumstance and some key implementation details of MANIIS (Mobile Agent based Network Intrusion Immune System), which is the prototypical system implementing the design blue print. Afterwards this thesis evaluate the performance of MANIIS from quantitative and qualitative aspects through experiments. The result shows that MANIIS has characteristics of extendibility, configurability, scalability, adaptability, robustness and global analysis ability and can detect network intrusions with better efficiency and veracity, which satisfy the require of next generation intrusion detection system.At last, done work is summarized and some further goals are represented.