Research Of Distributed Intrusion Detection System Based On Mobile Agent

Along with the wide increasement of modern internet demands, the network and information security becomes the key problem that is needed to be solved for the further development of the internet and every kind of network service and application. After fallwall, the Intrusion Detection System(IDS) develops rapidly in modern years and plays more and more important role in the network and information area.The distributed IDS which is suitable to modern network feature is a research hot spot in the information area, but there are some usual problems that exist in modern distributed IDS. The defaults of modern IDS are as follows: bad real-time performance of the intrusion detection and response, bad system extension and flexibility, lack of studying and dynamic configuration ability and easily to cause network blocking. By combining static agent with mobile agent, this paper proposes a distributed intrusion detection system model based on agents. The main work of this paper is as follows:(1) This paper uses the characters of the mobile agent and puts them into the IDS, then designs a kind of distributed IDS architecture based on agents. The IDS mainly includes Management Agent, Host Agent, Network Agent and Mobile Agent(MA). This paper analyses module composements of every part. The update module in the Management Agent and Host Agent makes the system have a strong ability of studying and updating. Besides, the MA can communicate with every module. This function can enhance the performance of this system.(2) Based on the system architecture, the paper implements function modules of the system, then tests the detection ability, running performance and mobile agent management of the system. Finally, this paper analyses test results. The experiment result shows the ability of studying and dynamic configuration of the system is enhanced, and network current capacity and system bottleneck is reduced. The cooperation and flexibility is also stronger, and the real-time performance of intrusion detection is better. Finally, this system has a feature of distributed detection.(3) Through studying present condition of IDS, the paper designs another kind of distributed intrusion detection system model based on mobile agent. This architecture makes use of the cooperational module which has no control center. The system realizes the distributed intrusion and every host finishes the task of detection cooperately. It sovles some problems that exist in modern distributed intrusion detection system, such as the system's single point failure, system bottleneck, badly extension, real-time performance and so on.