| Intrusion detection is a new security protection technology following with the traditional security protection technology ,such as "fire-proof-wall" , "data encryption'Mt collects information from the critical points in computers and networks, then it analyses the information and searches the intrusion marks. At last, it responses to the intrusion to protect the system. The research is to build an effective, adaptive, and extendable intrusion detection model. The intrusion detection system based on mobile agent can chase the attacker and find the place, which the attacker exists, which can solve the problem that the usual intrusion system can only response passively.The author puts forward a distributed intrusion detection system model based on mobile agent and protocol analysis. The intrusion detection system model according to the development situation of intrusion detection technology consists of three levels. The first level is central controllers. The second level is controllers. The third level consists of watcher agent, analysis agent, response agent, trace agent. The mobile agents form a forest control structure. Every sub-net which is controlled by control agent adopts different intrusion detection analysis method. The thesis only argue the sub-net adopting the pattern matching and protocol analysis methods.One of the two critical researches of the thesis is protocol analysis technology. Simple protocol analysis and protocol analysis based on state transition are two methods adopted by the model. The former detects if the relevant rules are satisfied by the data according to the protocol type. The latter detects the intrusion through the protocol states, which improves integration and precision of the detection.Another is mobile agent's migration and communication. The migration policies are put forward. The communication algorithm' thought, data structure and the steps are provided too. At last, the load balance policy is raised.
|
PDF Full Text Request