
Research Of Agent-based Distributed Intrusion Detection System

Posted on: 2009-01-16
Degree: Master
Type: Thesis
Country: China
Candidate: X J Wei
Full Text: PDF
GTID: 2178360245456694
Subject: Signal and Information Processing
Abstract/Summary:
Traditional intrusion detection systems cannot meet users' needs because of the increasing complexity and concealment of intrusions, so new technical methods are urgently needed to assure the efficiency of intrusion detection. The development of agent technology presents a new approach for IDS research. Agent technology brings many advantages to a distributed intrusion detection system. It can not only reduce network load, balance load, overcome network latency, and execute asynchronously and autonomously, but also adapt dynamically, execute in heterogeneous environments, and show robust and fault-tolerant behavior.

After an analysis of the current agent-based distributed intrusion detection models, an Agent-based Distributed Intrusion Detection System is proposed. The center module of the system manages all agents, each of which has a unique ID, and because it adopts the security mechanisms of authentication, integrity authentication, and encryption, it becomes more secure. With multi-agent technology, the system can effectively achieve autonomy of detection and coordinated processing of information from each monitored host. With a hierarchical structure, the system hides the address of the center manager. It thereby not only improves the security of the IDS and solves the bottleneck of the IDS, but also protects the system against distributed intrusions effectively.

In the implementation of the detecting component, a combination of protocol analysis and pattern matching is used. This reduces the matching range of the targets and improves the detection speed. For the decision process, a correlation and analysis module and an information agent are proposed. They not only detect the relations among several attacks and reduce the false positive rate, but also protect the system against distributed intrusions effectively.

For emerging attacks against the IDS and agent-related threats to the system, this thesis presents a corresponding security strategy and mechanism, which solve the problems of security authentication and of attacks on the center module. After that, we test the system. From the test results, we analyze the feasibility and practicability of the system. Lastly, some unimplemented features and some problems for further study are put forward in the last portion of the dissertation.
Keywords/Search Tags:Intrusion Detection, Agent, protocol analysis, pattern matching, Agent Security