The Research On Distributed Intrusion Detection System Based On Agent

Intrusion detections are the behaviors that someone wants to occupy, seize or destroy other people's computer resource. Intrusion detection behaviors bring a serious safety threat for the information and resources of the network. Recently, some intrusion methods that were hard to detect were appeared. For example, slow intrusion, change character, interleave and escape, destroy system log, distort operating system kernel, deny of service. And the traditional intrusion detection systems which only based on host or network display their localization to detect these intrusion behaviors. Distributed intrusion detection was proposed, that adopt several detections parts, and each part chooses different detection method, then work together to accomplish the detection task.Agent has gained considerable research interests in recent years, it has a significant position in computer science, and has already got an extensive application in distributed computing. The intrusion detection systems which based on agent technology may not only realize distributed idea, but also have the intelligent characteristics, so they can detect new intrusion behaviors. Particularly, multi-agent system has special advantages in the application of large-scale, distributed and cross-platform computing. It can accomplish the detection task overall situation, make the systems have clear structures, good expansibilities and transplantation that using agent to distributed intrusion detection systems. So they needn't many host and network resources, cut down the possibility of the bottleneck, and apt to distribute service.The research work of this dissertation includes 2 sides, agent and distributed intrusion detection. It proposes a distributed intrusion detection system named MAIDS, based on summarizing and improving the cooperating theories between agents. This dissertation analyzes by theory methods from dependability, desirability, accuracy and suitability of the system. And realizes some modules of the system, proves the merits that it may has by experiment.The creative works of this dissertation includes as follows:1. Summarizing existing multi-agent systems in the view of bionics and ethics.2. Improving the methods of cooperating between agents such as coalition, many work are based on the FIRE model of multi-agent system that proposed by Jennings in 2004.3. Proposing the ethics model of multi-agent system.4. Designing MAIDS, which is a model of distributed intrusion detection system based on agent.