The Research Of Intrusion Detection System Based On Mobile Agent And Genetic Algorithms

With the computer network technology rapid development and the widespread application, the security problem which the network intrusion creates is becoming the focal point day by day which the people pay attention. The traditional passive defense measure, like the firewall technology, the data encryption and so on, can't fulfill the need of present network security. Intrusion detection is the new network security technology which comes forth within the last several years. It makes up the disadvantage that the conventional network security technologies reflect on and supplies the real-time intrusion detection and corresponding protection.In the last few years, from early central IDS(Intrusion Detection System) development to present distributed IDS, the research development is very quick about the intrusion detection technology. But along with unceasing expansion of network scale, the new method of attack emerges one after another incessantly, the IDS also faces many questions and the insufficiency. In the condition of exponential increasing data handled by IDS, it's hard for the conventional processing data technique to complete the detection task and distinguish the unknown intrusions because of the limited processing data capacity and lower detection efficiency.If we utilize the mobile agent technology and Genetic Algorithms to solve the problems on the intrusion detection, it can improve system efficiency and it will endow IDS with good recognizing ability to the unknown attacks as well as to the known ones. The lack of intrusion detection technology that exist has been analyzed. Making reference to the methods and designs of the correlative research projects in and abroad, the network intrusion detection model based on the mobile agent technology and Genetic Algorithms, called MADIDS(Mobile Agent Distributed Intrusion Detection System), has been presented and does a more in-depth study to it. The two technologies' good characteristics are introduced in the model.The main works of this paper are as followings:First of all this paper briefly introduces on the need for IDS and the current situation of IDS, and then delineation the current IDS technology. The IDS's definition, classification and system architecture are then put forword.Second, this paper introduces the related concepts of Mobile Agent and the relevant principles of Genetic Algorithms. The IDS model called MADIDS has been proposed, and Genetic Algorithms is used in the model. Focuses on the analysis of how to use genetic algorithms in the IDS, this is the difficulties and innovations in this paper.The development of prototype system has been finished and the threshold of intrusion detection system has been obtained by using training data from the Lincoln LAB. In the situation of LAN, we simulated some typical intrusion behavior and detection task of intrusion detection system. The experimental result indicates that the model is more adaptability and higher efficiency than original one, besides, it can detect the unknown attacks.The innovation of this paper:The demand for the system network performance is comparely low. It mainly applies master-slave database, and this can avoid single point failure. The system possesses the following advantages: workbench independence, strong scalability and able to check the unknown attack. The part of checking attack in Genetic training Algorithms applies IP packets data, the calculate is comvenient and reliable.