
A Research Of An Intrusion Detection System Based On Agent

Posted on: 2008-02-19
Degree: Master
Type: Thesis
Country: China
Candidate: R Long
Full Text: PDF
GTID: 2178360242471989
Subject: Computer software and theory
Abstract/Summary:
The rapid development of computers and data communication has led to rapid growth in the transmission of information between networks. Society as a whole depends increasingly on the network, which makes network security more and more important. The Intrusion Detection System, as a proactive information security and defense technology, has become one of the focuses of current research in network security, but the traditional Intrusion Detection System has some disadvantages. The development of agent technology provides ideas and new methods for overcoming these disadvantages: agents offer good autonomy, real-time behaviour, scalability and so on where complicated, heterogeneous and high-speed networks and different operating systems are concerned.

This thesis analyses the current state of development of Intrusion Detection Systems and summarizes the theory and technology involved in applying agents to them, focusing on key issues such as system model design and research into key technologies. The main tasks and research results of this thesis are:

(1) Based on the weaknesses of the traditional Intrusion Detection System, we proposed an agent-based Intrusion Detection System model. First, we gave an overall introduction to the system structure of this model. Then we described in turn the working principle of each module and the operational processes of the system. By combining the development platform of an excellent Mobile Agent system with a mature intrusion detection engine, the model makes full use of Mobile Agent characteristics such as mobility, flexibility, adaptability, cross-platform operation and code reusability, and overcomes defects of the traditional Intrusion Detection System such as inefficiency, poor extensibility, poor portability and limited capacity to upgrade.

(2) Combining the agents' communication protocol with cooperation technology between multiple agents, and aiming at low network load and low network delay for the system, we constructed a communication mechanism in which agents cooperate with one another. The communication mechanism divides communication objects into five categories (i.e. 16 kinds altogether), which can be split further into more subclasses according to different configuration parameters and different purposes in actual use. This is conducive to effective and efficient interaction between agents, facilitates the expansion of the types and functions of the agents, effectively lowers the agents' dependence on the network, and improves the efficiency of the system.

(3) Having fully described the system model, we carried out a preliminary implementation and validated the system. After comparing different mobile agent systems, we chose IBM's Aglets platform and made an exhaustive analysis of it, covering the system framework, object model and event mechanism. We introduced the widely used Snort intrusion detection engine, focusing on a description of its rules. The system was run and validated in a Windows operating environment, and represents a useful attempt at applying agent technology to Intrusion Detection Systems.

Finally, based on an analysis of the system's characteristics, we drew conclusions about this system and put forward the next steps for research.
Keywords/Search Tags: agents, mobile agent, intrusion detection, network security