| As a kind of active measure of information assurance, IDS(Intrusion Detection System) can find the intrusion from the trace and pattern of their actions. It has been another line of defence behind firewall. It acts as the effective complement to traditional protection techniques.The thesis firstly introduces the conception of the Network Security and current situation in network security techniques and production. Then it analyzes the defects of traditional network security techniques and discusses the IDS' s history, classification, detection methods etc.The thesis secondly presents the Mobile Agent technology. Mobile Agent is a conception been put forward lately. It offers a new computing paradigm in the form of a software Agent. It can suspend its execution on a host computer, can transfer itself to another Agent-based host on the network, and can resume execution on the new host. So that the mobile agent has the properties of such as mobility, flexibility, adaptability, operating in heterogeneous environments, reusing code etc.After introducing the development of today' s IDS and mobile agent technology, a structure model of mobile agent-based intrusion detection system (MAIDS) is proposed. The function and configuration of all function modules of MAIDS is particularly discussed and implemented. For the existing techniques, it mainly analyzes network layer protocols and transport layer protocols, It attempts to analyze application layer protocols and in order to accurately locate the field of detection. Combining anomaly detection and misuse detection together, the various of exceptional executions of protocols, protocol attacks and some attacks which are difficult to be detected, such as polymorphic attacks, can be effectively detected.At last, it shows the validity and rationality of the distributed intrusion detection system based on mobile agent with many experiments.
|
PDF Full Text Request