Research Of An Intrusion Detection System Based On Mobile Agent Technology

With the network attacks having become more common and sophisticated,more and more security technologies are developed. Intrusion detection tec-hnology as one of the focuses among these technologies can detect the attacks from both outside and inside of network, and it should be an important part of the perfect security architecture. The research of intrusion detection has grown considerably nowadays,and a large number of intrusion detection systems have been developed. However,the traditional intrusion detection systems have some shortcomings in certain aspects, such as flexibility, extensibility, adaptability and so on. Therefore, people begin to seek new technologies.In addition, the mobile agent has become the focus of the research in the distributed calculation field. In contrast with the traditional distributed calculation model, mobile agent can reduce the network bandwidth usage by moving data analysis computation to the location of the intrusion data, support heterogeneous platforms, and offer a lot of flexibility in creating a distributed intrusion detection system.The development of mobile agent technology presents a new approach for the research of IDS. This paper is an initial exploration into the domain of using MobileAgent for IDS, and the author putsforward a distributed intrusion detection system--MAIDS based on mobile agent, which can improve the robustness, adaptability,flexibility and extensibility of the traditional intrusion detection system. This system chooses IBM Aglet as the mobile agent platform. And it combines the techniques both of host-based IDS and networks-based IDS and also can improve the ability of systemic detection.The Intrusion Detection System is composed of total supervisor, supervisor,rule/response database, mobile agent facility and mobile agents. These mobile agents can penetrate into any node which needs them, and closely supervise the invasion from outside and inside of the network, and cooperate mutually, and also can trace the invasion source, and take the corresponding measure promptly. Moreover this IDS installs a simple supervisor on each goal main.The goal mains can respond the invasion voluntarily, they ask for help to the central supervisor only when they meet the invasion appears newly,which can enhance system's timeliness, and avoid system's simple point expiration question, and also lighten the network burden.This paper consists of four sections. After the introduction of the knowledge of intrusion detection, in the second section, the mobile agent is introduced and the advantage and characteristic of the combination of mobile agent technology and intrusion detection technology are analyzed. In the third section, one kind intrusion detection system model based on mobile agent is proposed. The various parts' function, the system's principle of work and the system's characteristic are analyzed. In the fourth section, a simple design and realization are made: IBM Aglet, the system's deployment, the user interface and the rule/response database are introduced respectively, and the collection agent, the analysis agent and other agents are designed. In the end, this paper designs the IDS's correspondence and safety mechanism.Today the agent technology is underused, so there are some difficulties in the complete realization. Because of the time limits, some parts of this system are still in the stage of the fundamental research and need to be improved.