The Research On Anti-attack Intrusion Detection System Model Based On Agent

In recent years, with the continuous development of network-attack technology, Intrusion Detection System is confronted with a growing number of security threats during treating with network intrusion. So it is very necessary to design a secure, stable and reliable Intrusion Detection System model.This paper analyzes an Intrusion Detection System model which is based on the static agent, and points out that the security loopholes, network load problems and structural safety problems of the system existing in the model. Using of mobile agent, this paper points out a user's authentication scheme and strategy to solve the network load problems and the system security problems. In this paper, based on the overall security from the system, detection efficiency, calculating-load-balancing and expansibility, a new Anti-Attack Intrusion Detection System model Based on Mobile Agent was presented.The model is a new one which is based on master-slave mode and heart rate communications, as well as Hash function packet-grouping technology and library of dynamic characteristics. The model is based on the mobile agent platform-Aglets offered by IBM lab, and based on this platform we develop a variety of mobile agents-aglet, including the Management Control Center-MCC, Monitor aglet, Intrusion Detection aglet and Whole Analysis aglet. Also, two sets of rules are configured for the host intrusion detection aglet and a dynamically updated aglet-table is maintained.System offers a double protection in the overall safety. On the one hand, with strategy of heartbeat communication between MCC and Monitor aglet, Monitor aglet and Intrusion Detection aglet and Whole Analysis aglet, it reaches the situation of mutual monitoring by sending the defined semantic information to each other. The system will automatically trigger the appropriate processing module to remove and re-send a new aglet, to ensure the system stable and reliable operation of the purpose in case of any one of the four's failure. On the other hand, using M-S mode makes the MMA to a certain degree of protection.In the detection efficiency, the system uses the strategy of two sets of rule, making the Intrusion Detection aglet only loads the corresponding function rules in normal circumstances, which greatly improved the efficiency. When the Intrusion Detection aglet obtains Whole Analysis aglet's invasion broadcast, it loads completely rule to prevent the host from the same attack.In calculating resource-load-balancing, we have adopted the Hash function packet-grouping technology and aglet's strategy of applying computing resources, ensuring that the packets from the same address could be treated by the same aglet, It can make SMA migrate from the host whose computing resources are relatively poor to the host whose computing resources are rich, in order to make the entire system achieve load-balancing.In the expansibility of the system, we use an aglet-library, which makes the system adjust dynamically without affecting other entities.