| With more and more site intruded by hackers, security expert found that only use protection technology to build a security system is not enough, and the Intrusion Detection has became a new way for network security. The Intrusion Detection System (IDS) is a new security technology, which apart from tradition security protect technology, such as firewall and data crypt. IDS watch the computer and network traffic for intrusive and suspicious activities. They not only detect intrusions from the internet hacker, but also the intranet unauthorized users.Aiming at the deficiency of traditional Distributed Intrusion Detection System, this paper begins with status of intrusion detection, and then has designed and realized a Distributed Intrusion Detection System Based on Agent. Agent is software agent, which performs the function of security watch and intrusion detection, and it can work well whether other agents exist or not. It can be controlled by higher authorized entity, such as start, stop, change running parameter, and so on. The basic idea is that some distributed modules independently perform data collection and data analysis, which are two functions in intrusion detection, and the system watches whole system by all modules cooperating with each other.This system has good distribute and scalable ability. It can combine the network-based IDS and host-based IDS into a system, and can provide an integration environment for detection, report and response. |
PDF Full Text Request