Research And Application Of Collaborative Agent Technology In Intrusion Detection System

In recent years, with the rapid development of network technology, the Internet has penetrated into all aspects of daily life, network security has become an important problem that urgently needs to be solved in the process of development. Intrusion detection technology is the current major security technology, can find attacks in complex and large-scale network, But traditional intrusion detection technology has exposed many shortcomings, and agent-based intrusion detection technology has become one of the hotspots in the field of network security.Because of the lack of a standardized system architecture and uniform standards in Agent development, so Agent can not be effectively collaborate with each other. This thesis has carried out many studies and analysis of existing agent collaboration technology, design an improved agent collaborative technology, which uses the ring structure with no center, then modifies the election algorithm of distributed process scheduler and applies to the collaborative structure. It can solve the single point of failure and balance the load, divide some agent-coalition by algorithm and apply to the contract net model, add hop parameter to the agent-coalition communication. In order to reduce communication costs, achieve communication optimization and improve the efficiency of the system processing. Next, we apply the above improved agent collaboration technology to intrusion detection systems, design a complete agent-based collaborative intrusion detection system.The bottom layer of this system uses Libpcap function to capture the underlying packet, the middle layer uses protocol analysis and data mining, at the same time, adds a new module which is to subdivide the rules, then associate the corresponding rules with specific thread by mapping, and thus can to achieve parallel processing in the system, the high-layer is full use of the improved agent collaborative technology in design. So far, the system has been partially implemented, and the system has good scalability.