| Intrusion Detection,being a proactive network security protection technology, has become an essential component in network security system. Mobile Agent technology has many advantages for the Intrusion Detection System, particularly is suited to Distributed Intrusion Detection System. At home and abroad, the research of Mobile Agent applied to the intrusion detection is still at an early stage. Many theoretical and practical issues have not yet been satisfactorily resolved.First of all, connecting with relative theory of Intrusion Detection System, This paper designed a model of complete and equal Distributed Intrusion Detection System, based on the Mobile Agent technology. The Intrusion Detection Agents in the model communicate and collaborate in equal collaboration mode. It avoids the "bottleneck" of the key nodes in the system and can effectively detect the Distributed Intrusion.Secondly, it is made that a detailed design of key modules, such as, Intrusion Detection Agent, system communication and alarm information log. The initial emulation examination is also made. The design thoughts are taking open-source programs of Snort as its core, storing intrusion alarm information log with the data table constructed in this paper, carrying on correspondence based on a new communication protocols. Experimental results indicate that the model constructed in this paper has better scalability, rapid response speed and high rate of detection and identification.In addition, two aspects of order matching and bad characters elicitation towards the traditional BM algorithm are improved in this paper, the improved algorithm is used as a core of the string matching algorithms in system detection mechanism, increasing the efficiency of intrusion.Although the system model can be well implemented to distributed intrusion detection in design theory, but further study will be done on the intelligent management, real-time response and various methods of detection. |
PDF Full Text Request