Research And Implementation Of Intrusion Detection System Key Technologies Based On Mobile Agent

Posted on: 2007-06-14
Degree: Master
Type: Thesis
Country: China
Candidate: S R L Bao
Full Text: PDF
GTID: 2178360185986268
Subject: Computer application technology

Abstract/Summary:
With the popularization of computer network applications, network security has become a matter of concern. At present, network security defense measures such as data encryption, anti-virus programs, firewalls and intrusion detection are becoming more and more mature. A firewall can block most attacks from outside, but some of them can still bypass the firewall and reach the internal network. Intrusion detection can not only identify hostile activities from outside, but also detect unauthorized activities and damage originating from the internal network. It has become the second line of defense for network security after the firewall and is receiving increasing attention. Attack tools and techniques are increasingly complex and varied, so a high-performance intrusion detection system is required. Currently there are many host-based and network-based intrusion detection systems, and they have many shortcomings; distributed intrusion detection systems emerged afterwards, but their performance needs to be improved too. To enhance the efficiency and performance of intrusion detection systems, relevant organizations have proposed intrusion detection systems based on agent technology, and several research results now exist.

This paper analyzes existing traditional intrusion detection systems and mobile agent based intrusion detection systems in detail, and introduces the advantages of applying mobile agents to intrusion detection technologies. Based on this discussion, it adopts the typical mobile agent system IBM Aglets to design a framework for a mobile agent based intrusion detection system and various functional mobile agents, and analyzes data collection, detection and tracing of intrusion attacks by multiple concurrent mobile agents. These mobile agents trace and watch network equipment and hosts in real time, study network traffic and the status of the hosts, analyze and audit the resulting data, and then raise real-time alarms for hostile activities.

Traditional intrusion detection systems collect and analyze a large number of host log files or network packets, which reduces system performance. This paper makes use of the intelligence and mobility of mobile agents and the simplicity and efficiency of SNMP (Simple Network Management Protocol) to collect log files and host and network related data in the SNMP MIB (Management Information Base) dynamically, as needed, via mobile agents. In addition, it provides more resources for data collection by using the SNMP extension protocol AgentX to extend the SNMP MIB. Finally, this paper uses a few typical DoS (Denial of Service) attack tools to test the data collection module and analyzes the results, demonstrating the availability of the data collection by observing related parameters in various states.
Keywords/Search Tags:Intrusion Detection, Mobile Agent, SNMP, Aglet