Mobile Agent And Snort Based Distributed Intrusion Detection System

With the rapid development of computer network technique and fast increasement of the network users, security problem has become the main focus that people care about. Firewall is the traditional network security device, it could use the access control mechanisms to limit the access of non-authorized, but it has several shortcomings such as it can't limit the malicious access of validated user's. As the strong supplement of firewall, intrusion detection systems (IDSs) can detect attacks from both outside and inside of networks, and they should be an important part of the perfect security architecture. The research of intrusion detection has grown considerably nowadays, and a large number of intrusion detection systems have been developed so as to satisfy different needs.However, the traditional IDSs have some shortcomings in certain aspects, such as efficiency, flexibility, interoperability etc. Therefore, people begin to seek for new technologies to improve the performance of IDSs. In this thesis, we reference the traditional distributed intrusion detection system model and Snort intrusion detection system based on the study of the mobile agent technology, put forwad Mobile Agent and Snort based Distributed Intrusion Detection System (MASDIDS). Data collection, analysis and response work in distributed nodes, the static agent collect the logs, analysis and response, meanwhile Snort collect network data, analysis and response. The number of mobile agents make depth analysis, the system center only need to statistics invasion and manage components, large amounts data calculation wok in the distribution nodes, therefore the system center does not exist the problem of excessive flow, furthermore the system's real-time performance can be enhanced.Firstly, we analyze and summarize the technologies of IDS and mobile agent.Then we put an emphasis on mobile agent technique and its application in IDSs.After introducing the Aglet in mobile agent and analyze its system frame and object model, then proposed a mobile agent and Snort based distributed intrusion detection system (MASDIDS), while Snort matching algorithm was improved, finally through the experiment verify that the system can be implemented.