An Agent-based Network Intrusion Detection System

Posted on: 2007-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: C J Yan
Full Text: PDF
GTID: 2178360182960664
Subject: Software engineering
Abstract/Summary:
Firewalls have long played an important role in network security. However, a firewall alone is unlikely to protect a network successfully, given the development of networks and the progress of the techniques that attackers use. IDSs make an excellent complement to firewalls and expand the reach of system-security administrators. Although much has been done in the field over the past 20-plus years, IDSs are still at a stage of development. They have become a focus of the network security area and have good prospects.

Beginning with the essence of network security and some background information, the paper describes the basic theory and current state of intrusion detection technology, analyses the advantages and drawbacks of various intrusion detection techniques, presents the taxonomy of IDSs from different views, and describes the main difficulties and new directions in the IDS arena. The theory of agents and its application in the area of intrusion detection are also described, for the later use of agents in my system.

A NIDS has the weakness of dropping packets if the network traffic rate is too high, resulting in a decrease in the detection rate and a rise in the false negative rate. An agent-based intrusion detection system is proposed to avoid the packet dropping that increasing network throughput causes in present network-based IDSs. According to the throughput of the network, the number of detection agents in my system can be dynamically adjusted, allowing traffic to be partitioned over several detection agents while keeping the consumption of system resources at an acceptable level. The paper provides a detailed explanation of the architecture and working process of my system, and evaluates the system's performance by analyzing the test data.

The experiments indicate that, when the number of detection agents in my system is more than one, every detection agent analyzes the network traffic independently, which helps resolve the packet-dropping problem to a certain degree. The paper ends with a summary, a brief evaluation of my system, and the further problems we will solve in the future.
Keywords/Search Tags: Network Security, Intrusion Detection, Misuse Detection, Anomaly Detection, Agent