Distributed Intrusion Detection System Based On Mobile Agents

With the fast development of network technology, the network topologies become increasingly complex and the intrusion activities are getting more and more frequently. So the IDS (Intrusion Detection System) which is the necessary and useful addition to the firewall catches the experts' eyes in the field of network security.Firstly, this thesis introduces the history of the IDS, and analyses the development of today's IDS. It advances a model of distributed intrusion detection system (DIDS) based on mobile agents. Comparing with the traditional Centralized Intrusion Detection System, the new one is regarded a great progress in applying distributed components to collect and analyze the intrusion data. As an autonomous detective unit, the Mobile Agents are able to move to the monitored hosts, analyze the local log data, find intrusion behaviors and then respond. The framework makes use of the properties of mobile agents such as mobility, flexibility, adaptability, operating in heterogeneous environments, reusing code to overcome a number of shortcomings of currently deployed IDSs, such as lock of efficiency, lack of portability among monitored environments, limited flexibility (includes scalability and dynamic reconfiguration), limited upgradability, etc.This model can deal with the distributed and cooperative attacks. In a word, the Mobile Agent model is more effective than its predecessors.