| Along with the rapid development of computer technology and Internet, computer system has been shifted from independent mode of computer to an open Internet. The problems of network and information security are emerging increasingly. Different kinds of attacking incidents on the Internet keep on happening. Consequently, more and more measures come into being as well. People are attaching greater importance to the intrusion detection technology.The intrusion detection technology is regarded as the third "key" to the network safety after the firewall and anti-virus software. Such technology can collect information from the key points in the computer network system and analyze. It can recognize the usual ways of attack by hackers, supervise and control the unusual communication of network, distinguish utilization to the system leak, improve administrator's ability of managing the safety of the network, help to deal with the attacks in the network while not influence the function of the network. It can be called as a net security technology, which positively protects system against infraction. By the research of the process and characteristics of the intrusion, the safety system can respond to the intrusion and its process in time. It cannot only detect the intrusion from outer world but also unauthorized activities from the inner users.The essay is going to analyze the characteristic of all kinds of intrusion detection technology, explain the significance of the intrusion detection technology to the safety of the network. Besides, my essay proposes a distributing intrusion detection system based on Agent. The distributing capability and the expansibility of that system is good enough to adapt to the complicated environment of the network. The system is composed of hiberarchy Agent. Different agent has different function. They divide the work, cooperate, communicate with each other and supervise the safety status of the network in real time. The system makes deep research of the intrusion detection. It analyses the data package of the intrusion, explain the way to detect the worm virus andprovide functions of detection and report.The system primarily uses the protocol analysis technology and mode matching arithmetic in realizing network engine. Through the combination of the above two, it effectively monishes the target matching scope and improves the detecting speed. By using the BM mode-matching algorithm, it makes the net engine have a better real-time capability. |
PDF Full Text Request