Research On Intrusion Detection System Based On Mobile Agent

Along with the faster growing and the wider application of computer network technology, especially the transmission of governmental and military information in the network, the people have paid more and more attention to the network security problems. As an important and active security mechanism, intrusion detection has reinforced the traditional system security mechanism and become the main means to detect the network attack. However, due to the continuously updating of the attacks and intrusions, today the large-scale distributed attack has become the main attack method and the network security research is focusing on the distributed intrusion detection system.In addition, the mobile agent has become the focus of the research in the distributed calculation field. In contrast with the traditional distributed calculation model, mobile agent can reduce the network bandwidth usage by moving data analysis computation to the location of the intrusion data, support heterogeneous plat-forms, and offer a lot of flexibility in creating a distributed intrusion detection system.In this paper, we proposed a new distributed intrusion detection system model based on mobile agent. The main contributions of this dissertation are summarized as follows:Firstly, the security of the mobile agent platform Aglet of IBM is improved. The security of the mobile agent platform consists of the security of the host computer and the security of the mobile agent. In this paper, in order to ensure the security of the intrusion detection system, the mobile agent protection mechanism of Aglet is increased.Secondly, the anomaly detection model based on K-means algorithm and SOM network is constructed. It can classify the normal and abnormal network data stream so better to detect the unknown attack.Thirdly, the misuse detection model based on decision tree is proposed. In this dissertation, the decision tree algorithm is improved to adapt to the emergence of new classes. It can better make use of the old tree to build the new decision tree. Therefore,...