Research Of The Intrusion Detection System Based On Mobile Agent

Along with developing of the network rapidly, we have to deal with the more and more network security problems. The conventional network security technologies, such as digital signature, access control and firewall, can't fulfill the need of present network security. The network security problems are gradually becoming the pivotal one that must be solved for further progress of the Internet and some network service. Intrusion detection is the new network security technology which comes forth within the last several years. It makes up the disadvantage that the conventional network security technologies reflect on and supplies the real-time intrusion detection and corresponding protecttion.At present, the research of the IDS (Intrusion Detection System) focuses on the model for the IDS and the intrusion detection technologies. With unceasing expansion of network scale and the user's demand, the existing system models bring on the overweight load, the higher band width and are easy to induce the bottleneck of communication. In the condition of exponential increasing data handled by IDS, it's hard for the conventional processing data technique to complete the detection task and distinguish the unknown intrusions because of the limited processing data capacity and lower detection efficiency.It is a vigorous research utilizing the mobile agent technology and immune principle to solve the problems on the intrusion detection in the network security areas. The specific demand of the intrusion detection system based on the network has been analyzed in the paper. Making reference to the methods and designs of the correlative research projects in and abroad, the network intrusion detection model based on the mobile agent technology and immune principle, called MAgentlDS, has been presented from the aspects of the practical application and lucubrated. The two technologies' good characteristics are introduced in the model.The model which has integrated the hiberarchy and net model runs on the platform called Aglets developed by IBM. According to the functions, the system designed by OOD (object-oriented design) consists of the agent for capturing data, the agent for preprocessing data, the agent for analyzing data, the agent for responding, the agent for communicating, the agent for managing data, the agent for configuring which are independent. The function on each agent has been elaborately described. The process which these agents are cooperative with each other has been analyzed detailedly. The main tasks on the subject are following:①The present situation on IDS between home and overseas has brought into comparison from the aspects of theory evolving and experimental system.②The conception on the IDS and the mobile agent technology has been introduced in detail.③The new IDS model called MAgentIDS has been proposed and the mathematical expressions of the concept on the IDS, such as "Self" and "Nonself", have been perfected.④We have concentrated on analyzing the immune tolerant model applied in the IDS and improving on the Negative-Selection algorithm idea used in the agent for analyzing, which are the difficulties and innovations in the dissertation.⑤The prototyping system has been developed.⑥The emulational detection has been accomplished by simulating the typical intrusions in the LAN. The experimental result indicates that the model is more adaptive than the existing one. Besides, the evolutionary Negative-Selection algorithm, which can cover the same detection space with the fewer detectors, has improved the detecting capability than the original method.Making better use of the mobile agent technology for his good characteristics such as mobility and flexibility, and the immune system which is characteristic of tolerance, cognizablity and distributed, the system has overcame the old ones' shortcomings, such as lower efficiency, worse portability, limited scalability and difficult for detecting the unknown intrusions. The MAgentIDS has offered a feasible way for resolving series of problems which occur in the present IDS, such as the higher band width, the lower detection rate, higher negative detection rate. The MAgentIDS has been both valuable in the theoretical research and practical application.