Research On A Distributed Intrusion Detection System Based On Agent

Posted on: 2007-03-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Li
GTID: 2178360212995460
Subject: Computer software and theory
Abstract/Summary:
Security has become a key problem for information systems. As an active information assurance measure, intrusion detection is an effective complement to traditional protection techniques such as access control, firewalls, and identity authentication. With the development of computer and network technologies, distributed intrusion detection has become a focus of intrusion detection and of the whole realm of network security.

Message interaction between detection components is the key to distributed detection, and it must meet the requirements of accuracy, scalability, portability and expressiveness. An agent is an intelligent program that can execute autonomously and provide related services. In intrusion detection, agents offer several advantages, such as independence, flexibility, scalability, limited fault propagation, and unconstrained data sources. Agents can therefore detect intruders effectively by exchanging information with each other.

First, this paper studies several classical models of agent-based intrusion detection systems in depth and analyzes their advantages and disadvantages. Building on those models, it proposes a novel model of an agent-based distributed intrusion detection system, which uses agent technology to handle the information interaction between components. In addition, the proposed model uses information from the host file system, log system and network system to assess intrusion behavior and discover intruders.

To reduce the false positive rate, repeated alerts triggered by scanning at the bottom layer are processed to decrease redundancy. In addition, a DoSDA (Denial of Service Discover Agent) is designed to mine DoS attacks.

Finally, a series of experiments is carried out to evaluate the prototype system and, importantly, to test its performance on buffer overflow and DoS. The improved intrusion detection system still has some shortcomings, so the paper closes with future work.
Keywords/Search Tags:Intrusion Detection, Distributed Model, Agent, Agent System, File Integrality