
Research Of A Configurable, Mobile Agent-Based Intrusion Detection System

Posted on: 2006-01-15
Degree: Master
Type: Thesis
Country: China
Candidate: Z G Gao
GTID: 2168360155971699
Subject: Computer application technology
Abstract/Summary:
With the emergence of high-speed networks, the rising technical level of attackers, the growing scale of attacks and the increasing complexity of attack methods, traditional IDSs can no longer meet these demands. This paper therefore presents a new model, called C-MAHIDS, based on research and analysis of the structures of several intrusion detection systems, especially IDSs based on mobile agents.

I carefully design and plan the structure of C-MAHIDS based on detailed research and analysis of traditional IDSs, especially MA-IDS. Like IDA and MAIDS, C-MAHIDS has merits such as low network load and high performance, because it uses mobile agents to perform the data collection and analysis tasks needed for intrusion detection. Next, the system structure is decentralized and every node in the system is equal, which resolves problems that hierarchical or tree-like systems have with real-time performance, single points of failure and fault tolerance. This greatly strengthens the system's stability, fault tolerance and resistance to attack. In addition, the system uses a new correlation technology, called distributed correlation script, which can define cooperation among agents. As a result, the system is easily configurable, adaptable to change and extensible. Another characteristic is that it can reuse existing IDS components, which avoids unnecessary duplication of development work.

Subsequently, we evaluate the performance of the system theoretically; the conclusion is that the system has stronger fault tolerance and scalability than traditional hierarchical or tree-like IDSs, and that its intrusion detection ability is equal to that of other IDSs.

In the end, we implement a preliminary version of the model in order to validate the feasibility of the system.
Keywords/Search Tags:Intrusion Detection, IDS, Mobile Agent, Distributed Correlation Script, Aglet, Network Security