
Design Of Distributed Intrusion Detection System Based On Intelligent Agent

Posted on: 2009-03-05
Degree: Master
Type: Thesis
Country: China
Candidate: Y K Zhang
GTID: 2178360245472964
Subject: Computer application technology

Abstract/Summary:
This thesis is based on the embedded project at the Network Center of the Chinese Academy of Sciences in Xi'an. The key problem at present is how to improve the performance of Intrusion Detection Systems: detection technology has not kept up with the pace of network technology, and traditional Intrusion Detection Systems have shortcomings in areas such as flexibility and interoperability. People have therefore begun to look for new technologies to improve the performance of Intrusion Detection Systems. In this thesis, we introduce mobile agent techniques into the Intrusion Detection System to improve its flexibility, interoperability, extensibility, and real-time performance. Agents have been proposed for distributed network management. Compared with traditional technology they have obvious advantages: they greatly reduce network traffic, run independently and asynchronously, and adapt to changes in the network through dynamic configuration. They use less network traffic and fewer host resources, which reduces the likelihood of bottlenecks, and they make the service easy to deploy.

This dissertation introduces Intrusion Detection Systems in detail and analyzes their common methods. It also describes the advantages and disadvantages of present systems, points out the strengths of agents and of the agent platform Aglet when used in an Intrusion Detection System, and analyzes some of the string matching algorithms used in the detection engine. Based on this research, we adopt a method that combines protocol analysis with string pattern matching. Protocol analysis takes advantage of the high degree of integration of network protocols and matches only specific fields in data packets, which reduces the search space and computational complexity and avoids the erroneous reports produced by simple pattern matching.

We improved the traditional packet capture procedure using zero-copy technology: after thoroughly studying driver programming and the memory management mechanism under Linux, we reduced the number of data copies, achieved zero copy, and improved system performance remarkably.
Keywords/Search Tags:Intrusion detection, system, Agent technology, Zero copy, Pattern matching
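
The combination of protocol analysis and string pattern matching described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the rule format, the function names, the signature string and the three packets are all constructed for illustration.

```python
import struct

# Hypothetical rule format: look for `pattern` only inside one decoded field.
RULES = [{"name": "passwd-in-uri", "dport": 80, "field": "uri",
          "pattern": b"/etc/passwd"}]

def build_packet(dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample, checksums zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp + payload

def decode(packet):
    """Protocol analysis: walk IPv4 -> TCP -> HTTP and return named fields."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6 or len(packet) < ihl + 20:   # not TCP, or truncated
        return None
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    data_off = (packet[ihl + 12] >> 4) * 4
    payload = packet[ihl + data_off:]
    fields = {"dport": dport}
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if dport == 80 and len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        fields["uri"] = parts[1]                   # request-line URI only
    return fields

def naive_match(packet):
    """Simple pattern matching: scan every byte of the packet."""
    return [r["name"] for r in RULES if r["pattern"] in packet]

def protocol_match(packet):
    """Match each rule only against the protocol field it names."""
    f = decode(packet)
    if f is None:
        return []
    return [r["name"] for r in RULES
            if f["dport"] == r["dport"] and r["pattern"] in f.get(r["field"], b"")]

# Constructed samples: a URI hit, an HTTP body mention, and an SMTP mention.
HIT = build_packet(80, b"GET /view?file=/etc/passwd HTTP/1.1\r\nHost: a\r\n\r\n")
BODY = build_packet(80, b"POST /forum/reply HTTP/1.1\r\nHost: a\r\n\r\n"
                        b"what is the /etc/passwd format?")
MAIL = build_packet(25, b"DATA\r\nSubject: docs\r\n\r\nsee /etc/passwd in man 5\r\n")
```

The naive matcher fires on all three packets, while the field-scoped matcher fires only on the request whose URI carries the pattern and scans a few dozen bytes instead of the whole packet.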