
The Technology's Research Of Cooperative Intrusion Detection Based On Manager Agent

Posted on: 2008-06-15
Degree: Master
Type: Thesis
Country: China
Candidate: X W Li
GTID: 2178360215476066
Subject: Computer application technology

Abstract/Summary:
With the rapid development of computer technology and the Internet, computer systems have moved from the single-computer model to an open, interconnected network environment. Network and information security problems have attracted wide attention. Various network attacks occur every day, and correspondingly more security measures have been developed. Intrusion detection technology now receives more attention than ever before. Traditional misuse detection, besides its low efficiency, cannot detect unknown attacks or variants of known attacks. Anomaly detection methods, in turn, have poor modeling ability and a low detection rate.

After reviewing and summarizing the state of development of intrusion detection technology at home and abroad, the main work and innovations of this thesis are as follows:

1) The concept of the manager agent is introduced, and a cooperative management method based on a priority selection algorithm is proposed. An agent can not only accomplish a particular task independently but also exchange information with other agents for data collection through the cooperation of the manager agent, with the aim of completing a complex task through collaboration.

2) A cooperative intrusion detection model based on manager agent (CIDBMA) is put forward. This model resolves the problem of the traditional centralized intrusion detection model, which monitors the protected system from only a single point of view and is helpless against distributed attacks. The model also attends to two problems: the components of a distributed intrusion detection system consume huge system resources, and the quantity of messages is too large. The detailed design of the cooperation strategy greatly enhances the model's robustness: the model is not significantly affected when an agent loses its working ability (for example, no response). Agent restoration uses an election algorithm, which can dynamically restore the agent's operation in a timely manner under the guidance of the manager agent.

3) The concept of credibility is introduced for agent ability. This method is inspired by the credit evaluation mechanism of electronic transactions. Credibility provides a quantitative index that describes an agent's performance during cooperation more precisely. An agent's local database holds a record of the credibility vector of all agents (including direct and indirect cooperation).

4) The ensemble learning model for data analysis is improved. Besides classification decision fusion based on several neural networks, a new neural network module is added to correct the classification errors that occur in a single classification. Meanwhile, the input vector dimension of the second-level neural network is changed. A more comprehensive data description is used to increase the modified model's detection rate and decrease its false alarm rate.

5) Finally, the model is tested in experiments using the KDDCUP99 data set. The results show that the detection rate and false alarm rate are significantly improved compared with the unmodified intrusion detection ensemble learning model and another similar method.
Keywords/Search Tags: intrusion detection, cooperation, agent, manager agent, credibility, ensemble learning, CIDBMA