The Design And Implementation Of A Distributed Intrusion Detection System Based On Mobile Agents

With the speedy expansion of network scale and complexity, intrusion detection systems become an indispensable part of network security because of their capability of auto-detection in the intrusion behavior in computer systems and networks. Intrusion detection technology is a new generation security guard succeeding traditional security protection measures such as firewall, data encryption and so on. It can detect the attacks not only from outside but also the inner ones.However, with the appearance of large scale and high speed network, it leads to more and more rampant the actions of hackers, the more secluded intrusive tricks and unpredictable losses which pose a large challenge to the existing IDS.This paper puts forward a distributed intrusion detection system based on mobile agents, which can improve the robustness, adaptability, flexibility and extensibility of the traditional intrusion detection system.This system includes three parts: NIDS (network intrusion detection sensor), control center and the mobile agent platform. NIDS and control center are built on mobile agent platform through which NIDS communicate with control center. The control center controls the NIDS through mobile agent. NIDS has the real-time intrusion detection capability so that the combination of the real-time analysis of NIDS and the analysis of control center effectivelyimproves the performance of the intrusion detection system. The mobile agent platform which is used in this intrusion detection system is programmed by Java, while the N1DS is developed from Snort which is programmed by C++ language.This paper consists of four sections. After the introduce of knowledge of intrusion detection and mobile agent, the first section analyzes the advantage and characteristic of the combination of mobile agent technology and intrusion detection technology. The second section introduces the design and implementation of mobile agent platform. The third section introduces how to build intrusion detection system on the mobile agent system which is designed in the second section and integration of intrusion detection components and the mobile agent platform. The forth section introduces the test and application of this distributed intrusion detection system in detail.This paper puts forward the framework design and the whole implementation of a distributed intrusion detection system based on mobile agent. It provides corresponding solutions to the key problem in the design and implementation process of the mobile agent system and intrusion detection system; at the same time, it puts forwards some innovation in the implementation such as application of reliable flooding algorithm in the broadcast of mobile agent system. It has some reference value and promotion to application of mobile agent to the intrusion detection system and the combination of intrusion detection system and the other technologies.