
Constructing the Rule Base of a Multi-Agent-Based IDS

Posted on: 2008-07-05
Degree: Master
Type: Thesis
Country: China
Candidate: M S Guo
Full Text: PDF
GTID: 2178360215966097
Subject: Agricultural mechanization project
Abstract/Summary:
Networks and information technologies of every kind are now widely used, but they also bring serious risks and threats, and security problems are drawing increasing attention. Intrusion detection is an important branch and active research area of network security, and a key technology and important means of protecting networked systems. As intrusion techniques become more integrated and complex and the scale of intrusions keeps growing, the processing speed of network security equipment still cannot meet demand. How to reduce the false-positive and false-negative rates of intrusion detection systems, and how to improve their intelligence and interaction, remain topics for further study.

With the development of artificial intelligence and agent technology, agents with a degree of autonomous reasoning and decision-making, and the multi-agent systems built from them, have become popular tools in networked applications. A multi-agent system is a distributed artificial intelligence method founded on intelligent agent technology. Applying multi-agent technology to intrusion detection has already produced results: it lets logically and physically dispersed detection components solve problems in parallel and in coordination, facilitates distributed processing, balances load across multiple processors, offers advantages such as dynamic extensibility and intelligence, and markedly improves detection system performance. Research on and design of distributed intrusion detection systems based on multi-agent technology is one of the important directions of current intelligent intrusion detection research.

The rule base describes the characteristics of intrusion attacks and the corresponding response rules, and drives the intrusion detection engine; it is key to whether intrusions can be detected effectively. The representation chosen for detection rules directly affects how rules can be acquired and how efficiently they are used, and is one of the most basic questions of an intrusion detection system. Research on and improvement of rule representation and rule base construction therefore has significant value.

This thesis analyses the current state of research on multi-agent intrusion detection systems in China and abroad and, on that basis, studies and discusses the construction of a rule base for a NIDS. The main research work covers the following aspects:

1. Using knowledge engineering and object-oriented methods, an object-oriented attack knowledge representation model is proposed and implemented in Java. A network attack is treated as a knowledge object, similar attack knowledge is defined as an attack knowledge class, and the abstract structure, method set and rule set of the attack knowledge object are defined.
2. A rule description based on knowledge engineering methods is proposed, with detailed design of the rule, the rule protocol, the rule options and the data structure; the resulting rule description language is simple, flexible and efficient.
3. Based on an analysis of the functional characteristics of the NIDS model and the basic characteristics of protocol packets, feature extraction and detection rule representations are designed for the different packet types.
4. The functions of each kind of agent in the multi-agent intrusion detection system and the relationships among them are assigned, and the rule-related agents are designed in detail.
5. Two schemes for implementing the rule base are proposed. A table form implements the definition of, and reasoning rules between, simple attacks and related attacks; a script storage scheme is used to design the description grammar for correlated events, covering single actions based on data patterns as well as correlated events based on statistics and connection behaviour.

Taking the object-oriented knowledge model as its foundation and incorporating the design idea of a hierarchical rule base, the thesis discusses how the NIDS rule base can be implemented and automatically updated, and produces a feasible rule base implementation plan. The proposed plan can effectively define complex attack knowledge such as combined and distributed attacks. The rule base model and implementation plan exhibit a good knowledge management mechanism, with high detection efficiency and self-adaptation, and provide a reference for making network intrusion detection systems more intelligent.
Keywords/Search Tags:Invasion-check, Ruleset, Knowledge-expression, Attack-knowledge, Object-oriented