| This dissertation focuses on a project of the architecture of an agents-based intrusion detection system (IDS). The IDS introduced in this dissertation is based on agent technique, so the system can distribute data and tasks to the nodes in the networks, instead of conventional centralized solutions. Thus the IDS can make best use of computing capability and resources of the networks. Moreover, using this new architecture the IDS can enhance detection capability and adaptability to intricate network environment through self-study and evolution. To achieve better accuracy, the system adopts data gathered from both hosts and networks. To detect both known and unknown intrusion patterns, the system introduces a blended frame that makes use of both misuse detection approach and anomaly detection approach.The one of the highlight of the architecture is introduction of data mining technique, and the other is introduction of genetic algorithms. The IDS uses data mining algorithms to abstract key features of system runtime status from security audit data, and it uses genetic algorithm to select the feature subset to reduce the amount of data that must be obtained from running processes and classified.Meanwhile, the dissertation introduces the architecture of the IDS in detail. There are the structure, function and relationship of all of the important modules being introduced downwards, such as NMA, GSA, NIDA, HMA, NSA, IDA and so on. |
PDF Full Text Request