| With the network attacks having become more common and sophisticated, more and more security technologies are developed. Intrusion detection technology as one of the focuses among these technologies can detect the attacks from both outside and inside of network, and it should be an important part of the perfect security architecture. The research of intrusion detection has grown considerably nowadays, and there are a large number of intrusion detection systems have been developed. However, the traditional intrusion detection systems have some shortcomings in certain aspects, such as flexibility, extensibility, adaptability and so on. Therefore, people begin to seek new technologies.The development of mobile agent technology presents a new approach for the research of IDS. This paper is an initial exploration into the relatively unexplored terrain of using Mobile Agent for IDS, and a distributed intrusion detection system based on mobile agents——MAIDS, which combines the techniques of host-based IDS and network-based IDS. In MAIDS, the detection tasks are implemented by two type of detection MAs, which make the system have certain flexibility, interoperability and intelligence as well as good performance.After providing the background knowledge of intrusion detection system and mobile agent, we introduce the design of the system architecture, and then begin to expound the design and composition of MAIDS in detail. Firstly, it introduces the whole structure of MAIDS, which mainly includes two parts: Control Server and Detected Host. Secondly, each module of MAIDS is discussed, including the structure, the function, the mechanism of cooperation and communication, the mechanism of update and maintains and so on. At last, there are two experiments to confirm the feasibility and advantages of MAIDS. |
PDF Full Text Request