
Research Of Multi-Agent In Net Intrusion Detection System Structure And Matching Algorithm

Posted on: 2010-09-13
Degree: Master
Type: Thesis
Country: China
Candidate: G Li
GTID: 2178360302467871
Subject: Control theory and control engineering

Abstract/Summary:
Intrusion detection is a valuable supplement to firewalls. An intrusion detection system can detect an attack before it causes any damage and can use its alerting and protection mechanisms to drive out the intrusion, so the loss caused by intrusion can be reduced. After an intrusion, related information can be collected for later use as knowledge for the protection system. This knowledge can be kept in a knowledge base so that the same kind of intrusion does not happen again. Traditional intrusion detection systems have several problems: the sniffers communicate heavily with the console, a console failure paralyses the entire system, and the response lags once an intrusion is found. This thesis applies agent technology to intrusion detection, with a detection approach that combines pattern matching with rules. The main work and results are as follows:

(1) A novel multi-agent-based network intrusion detection system (NIDSMA) architecture was proposed and studied in depth to improve the detection capability of current network intrusion detection systems. To reduce the coupling between detection components as far as possible, and to avoid the single point of failure caused by a single central analyzer, the NIDSMA model adopts a multi-agent design with no control center, which makes full use of the independence of agents. All NIDSMA components are independent units, which realizes distributed data collection and real-time response. The robustness of the entire system is thereby enhanced.

(2) A simple, flexible, and efficient ruleset description language was constructed, so that the NIDSMA detection engine can find the characteristics of an intrusion and take the corresponding action according to the rules.

(3) An improved multi-pattern matching algorithm (NPMS) was proposed; experiments show that it is better than the AC_BM algorithm in both time and detection efficiency.
Keywords/Search Tags:Intrusion Detection, Agent, Pattern Matching, Ruleset