Research On And Implement Distributed Intrusion Detection System Based On Mobile Agent

As an active secure protection technology, intrusion detection can detect internal attack, external attack and misuses, etc. in time, respond to the intrusion and hold up attack before the system is broken down. We can set up a multi-layer, in-depth defense system for network by utilizing intrusion detection system.Intrusion detection can monitor and analyze the behavior of users and system, audit the system configuration and holes, assess the integrality of data and sensitive system, recognize attack action, add up and audit the abnormal behavior, collect the patch related with system automatically, and record the hacker's action uses honey pot. Intrusion detection helps system administrator monitor, audit and assess the system state easily and effectively. Intrusion Detection System becomes an essential complementarity of FirewallThe instruments of networks attack develop in the direction of distribution and adopt sorts of technology of data processing, and so their destructiveness and concealment get stronger and stronger. Accordingly, IDS have to develop in the direction of distribution.Mobile Agent technology is a distributed computing technology originated from intelligent agent. Comparing with traditional distributed technology, MA has significant advantage. It can reduce network load greatly, run independently and asynchronously as well as be configured dynamically to be adapted to network actual condition. Its uniqueness in object transfer and other excellent properties bring a revolution to the distributed technology greatly. With the development and application of intrusion detection systems, mobile agent technology has also been applied to distributed intrusion detection systems.This paper proposes a distributed Intrusion Detection System model which adopts Mobile Agency technology. This model takes Mobile Agent as its organizational cell, and integrates the ideas based on distribution and Mobile Agent and adopts collaborative mobile agent structure without central control with the help of agent's property such as intelligence, mobility collaboration and self-adaptability. This model system can be deployed on any host system that needs to be monitored according to specific security strategy configuration of network system. So long as a monitored host system has been installed running environment of mobile agent, which can become a...