| The increasing number of intrusion incidents makes it important for organizations to actively protect their sensitive data with security products. To some extent, Firewall and IDS give a solution to network security. However, intrusion skills are developing and evolving at the same time in the way of variety, complexity, larger scale and distributed initiation, which makes it necessary for Intrusion Detection Sytem to become more intelligent and more cooperative with other security components in a distributed manner.Distributed Intrusion Detection System(DIDS) breaks through the limitation of traditional IDS based on single host or network. But traditional DIDS is always based on sensor/manager architeture, the monitoring and data analysis are all placed on the control center, which not only increases its process burden but also causes single point failure for the whole system.In this paper, a distributed intrusion detection system based on autonomous agent[1] is proposed. The system is organized in a hierachical structure. The monitor and transceiver cascadely cooperate and control all the agents in different autonomous regions. Since control function is distributed to autonomous regions and hosts, the problem of single point failure is thus prevented. The adoption of Publish/Subscribe[2] communication paradigm cuts the communication cost between different entities and improves efficiency and flexibility. By the cooperative module with firewall, the system is equipped with the ability to block intrusion in real time. Specifically, the work of this paper includes:Design a DIDS model based on autonomous agent. Analyse the strongpoints and limitations of current distributed intrusion detection system from the perspective of architecture.Design the module structure of the agent based IDS system, introduce the function of every module. The main function entities of the system are... |
PDF Full Text Request