The Research Of Network Intrusion Detection Technology

Posted on: 2005-01-14
Degree: Master
Type: Thesis
Country: China
Candidate: Z Luo
GTID: 2168360152956703
Subject: Computer application technology

Abstract/Summary:
As the Internet evolves from an academic and research network into a commercial network, more and more organizations and individuals are connecting their internal networks and computers to it, and network-based applications are widely used. All kinds of information are shared across academic and commercial settings. But along with the great benefits of the Internet come new threats, and Internet security is a very serious problem for us. With more and more sites being intruded on by hackers, security experts have found that building a security system with cryptographic technology alone is not enough. Intrusion detection is a new security technology, distinct from traditional protection technologies such as firewalls and data encryption. IDSs watch computers and network traffic for intrusive and suspicious activity. They detect intrusions not only by external hackers but also by intranet users.

This thesis first introduces the concept and composition of an intrusion detection system (IDS) and the means of illegal intrusion. After the introduction, the architectures and key technologies of current IDSs are analyzed. We design an agent-based IDS that distributes and scales well. It combines network-based and host-based IDS in one system and provides detection, reporting and response together. As the volume of transmitted traffic grows, the data-processing capacity of conventional IDSs can no longer keep up. Distributed intrusion detection is the future direction for IDS on large networks. This agent-based sub-IDS can run as a subsystem of the Distributed Active Collaboration Intrusion Detection System, supplying information for detecting intrusions, or as an independent IDS protecting a network. We design a distributed IDS that uses mobile-agent and multi-agent technology to address the traditional IDS's problems of large data volumes and inability to respond immediately; its mobile-agent technology can balance the load.

The IDS detects intrusions by means of patterns and data statistics, which greatly reduces the false alarm ratio. It is composed of an agent system, a storage system, a control system, an analysis system and a response system.

The control system connects the control center with the control desk: it receives and analyzes requests from the control desk and sends requests to the control cell and the database management module; it receives data from the database management module, processes it and sends it back to the control desk. It consists of security management, report management, detection management and fault alarm management.

The storage system stores the original data, analysis results and so on; the original data is evidence with which to indict the intruder. The storage system is a database shared by the different components, so it should provide data maintenance and query services; it is also a security log system.

The analysis system is a crucial element of the IDS; it relies on its detection methods to detect intrusions. This paper introduces two detection methods. One is pattern matching, a knowledge-based detection method: it matches the intruder's actions against its knowledge database, so the knowledge database must be complete or some alarms will be missed. The other is clustering, a behavior-based method: it relies on the number of times a resource is visited to detect intrusions, but abnormal behavior is not always an intrusion, so it will produce some false alarms.

The response system is a main part of the IDS. The IDS we design responds to intrusions with automatic counteraction and by notifying the controller, uses the response system to reduce hackers' attacks on the system, and responds to intrusions in real time.

The detection system is also a target of attack, through monitoring and through destruction of its knowledge database and intrusion alerts. The detection system must therefore have measures to protect itself, the ability to recover by itself, and the ability to prevent latent alarms by means of redundant alarms.

Finally, this paper discusses the problems IDS presently faces and the development trends of IDS. With the development of the scale an...
Keywords/Search Tags: pattern match, signature, agent, IDS
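
An added example, not code from the thesis: the two detection methods the abstract contrasts, run over constructed events to show a missed alarm caused by an incomplete knowledge database and a false alarm caused by a busy but benign client. The addresses, signatures and the median-based count threshold (a stand-in for the clustering step, which the abstract does not specify) are assumptions.

```python
import re
from collections import Counter
from statistics import median

# Constructed events (source address, requested resource); not data from the thesis.
EVENTS = (
    [("10.0.0.5", "/index.html")] * 4
    + [("10.0.0.6", "/index.html")] * 5
    + [("10.0.0.7", "/news.html")] * 3
    + [("10.0.0.8", "/view?file=../../etc/passwd")]   # attack covered by a signature
    + [("10.0.0.9", "/admin/export?all=1")]           # attack with no signature yet
    + [("10.0.0.20", "/backup.tar")] * 60             # benign but unusually busy client
)
INTRUDERS = {"10.0.0.8", "10.0.0.9"}  # constructed ground truth

# Hypothetical knowledge database: patterns for attacks that are already known.
SIGNATURES = [re.compile(r"\.\./"), re.compile(r"/etc/passwd")]


def signature_alerts(events):
    """Knowledge-based detection: alert when a request matches a stored pattern."""
    return {src for src, res in events if any(s.search(res) for s in SIGNATURES)}


def anomaly_alerts(events, factor=5):
    """Behavior-based detection: alert on sources whose access count is far
    above the median count (assumed stand-in for the thesis's clustering)."""
    counts = Counter(src for src, _ in events)
    threshold = factor * median(counts.values())
    return {src for src, n in counts.items() if n > threshold}


def score(alerts):
    """Return (missed intruders, false alarms) for one detector's alert set."""
    return INTRUDERS - alerts, alerts - INTRUDERS


if __name__ == "__main__":
    for name, detect in (("pattern match", signature_alerts),
                         ("access count", anomaly_alerts)):
        missed, false_alarms = score(detect(EVENTS))
        print(f"{name}: missed={sorted(missed)} false_alarms={sorted(false_alarms)}")
```

Taking the union of both alert sets catches 10.0.0.8 but still misses 10.0.0.9 and still flags 10.0.0.20, which is why the abstract treats knowledge-base completeness and false alarm handling as separate problems.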