Research And Implementation Of Distributed Security Data Collecting Framework Based On Agents

The collection of security data is a very important part of Intrusion Detection System. At present Distributed IDS based on Agents is a hot topic of the area of IDS, after the research of the traditional IDS, the distributed IDS, the distributed Agent framework, and the collection methods of host and network, this paper proposes a distributed security data collection framework based on agents and implements a prototype. This framework is based on OAA (Open Agent Architecture). Through this framework we can get different kinds of security data both from host and network. The collaborative relation is build through the way of double-service model: Finding the service provider through the service provided by Facilitator (Common Service Agent); Building the real service relationship between service provider and service requester. All the communication messages use the formation of ICL. The real security data are transformed directly between two Agents. Agent can be developed easily, can be load and unload to system on the runtime. The functional test proves the feasibility of this proposal. This paper also analyzes disadvantages of this framework and proposes direction of the future work.