Research On Mobile Agent Based Distributed Intrusion Detection System

The openness of Internet offers great convenience of information sharing and exchange, accompanied with crucial challenges to Information security. With the development of the Internet at present, security issues have evolved into the key problem of information systems. To the development of large-scale Internet and invading complication, the traditional Internet safe technology exposes lots of defect.Intrusion detection is one of the kernel technology of Information security, protects internal network together with firewall and anti-virus tools. The research of intrusion detection has grown considerably nowadays, and large numbers of intrusion detection systems have been developed to address different needs. However traditional intrusion detection systems have some shortcomings in certain aspects, such as distribute, intelligent, flexibility, efficiency and so on.Mobile agents have been proposed for decentralized network management. Mobile agents has obvious advantages in comparison with others, such as reducing network load greatly, running independent and non-synchronous. Having studied the currently deployed IDSs and agent technology, a distributed intrusion detection framework based on mobile agents is designed in this paper. The design proposed incorporating MA and NIDS, HIDS techniques through DIDS management.At first of the dissertation, the technology of IDS and mobile agent has been presented in detail, while the major problem and the trend of intrusion detection are also analyzed. Although the unique features of Mobile Agent can improve the haleness, adaptability and extendibility to the intrusion detection system, it is necessary to improve on the intrusion detection system which IDS base on Mobile Agent faced. Then, the dissertation analyzes the requirement of the system, and confirms which development's environment to use. Secondly, after analyzing the intrusion detection system base on Mobile agent, this system model is constructed by administration module and Agent sub modules, and using IBM' Aglet platform as the runtime platform of mobile agent. To achieve better accuracy, the architecture adopts security audit data gathered from both host and network, ensure the safety of system and decrease data transmission. And it introduces the architecture in detail. In the end, intrusion detection system base on Mobile Agent is designed and implemented. Analysis shows the effectiveness of the system.