
Research And Implementation On Agent-based Intrusion Detection System

Posted on: 2005-07-03
Degree: Master
Type: Thesis
Country: China
Candidate: R Zhang
Full Text: PDF
GTID: 2168360125967833
Subject: Computer applications

Abstract/Summary:
In recent years networks have developed rapidly around the world, and network security problems have become prominent. The main threat comes from network intrusions. At the same time, intrusion techniques have developed and changed considerably. Detection and protection for computer systems, network systems, and the whole information infrastructure have therefore become an urgent task. Research on intrusion detection systems (IDS) has important theoretical and practical significance.

First, this paper surveys current IDS research. It analyzes the development and present state of IDS in China and other countries, and points out the major problems and trends we face. It proposes applying mobile agents to solve these problems, and on this basis we construct the agent-based IDS.

Second, we analyze the existing model and construct the model of this system. The system model is an open system with good scalability: it is easy to add new cooperating hosts and agents to cover new intrusion patterns. Cooperation among agents is implemented purely through communication. Every agent is made up of three parts: a trace manager, an information manager, and a communication manager. The trace manager is an entity that can run independently. It monitors and controls the host side and reports exceptional or suspicious actions to the information manager. The information manager is responsible for controlling and processing data. The communication manager handles transmission over an encrypted TCP connection. Every agent in the system cooperates with the others when it acts. The system can be distributed over any number of hosts on a network, and each host holds a certain number of agents. The trace manager, which handles data gathering and processing, is the most active component. The trace manager in every agent reports its findings to an information manager. The information manager is the control unit of the trace manager, which is responsible for the network-based intrusion detection.

Third, this paper discusses the functions the system implements and the detection problems, taking the trace manager as an example. The performance of the system is also tested.

Finally, this paper sums up the work. The advantages of an agent-based IDS are good scalability and ease of configuration. Its disadvantages are a single point of failure and a communication load that easily grows when data is cut incorrectly. This research and implementation are the foundation of our future work and point out its direction.
Keywords/Search Tags:agent, intrusion detection system (IDS), manager, communication