| Intrusion Detection System is the key tache of the dynamic network security model. As the expanding of the network' scale, the network attack become distributing and collaborative. So it requires that the intrusion detection system also develop toward distributing and collaboration. The main content of this paper is design of distributed collaborative intrusion detection system based agent, and the purpose is building a distributed intrusion detection prototype system that is in the face of the large-scale network. The emphasis of the paper is implementation of the detection agent and the collaborative mechanism among agents.This paper briefly analyzes the current network security problem and some kinds of solutions, and explains the importance of the intrusion detection system in the network security system. The paper introduces the definition, function, classification and the main detection technology of intrusion detection.And then, the paper present three representative collaborative mechanism of the distributed intrusion detection system, advantage and disadvantage of them are analyzed. Based on the event notification service that adopts the content-based communication mechanism, a peer-to-peer distributed intrusion detection system model is proposed. The paper expatiates on the topology of the event notification service, the routing arithmetic of the message and the strategy of the routing management.Intrusion detection agent implements the basic detection function of the distributed intrusion detection system. The agent adopts protocol-analysis technology. Protocol-analysis technology proceed from the peculiar regularity of the network communication protocol is a relatively advanced detection technique at present, and it has overcome some fundamental defects of the traditional pattern match technology. The paper expatiate on each function module of the detection agent.With the wide application of the Internet, worm's threat to security of... |
PDF Full Text Request