
Intrusion Detection System, Based On Data Mining And Agent Technology

Posted on: 2004-12-21
Degree: Master
Type: Thesis
Country: China
Candidate: X F He
Full Text: PDF
GTID: 2208360095960372
Subject: Computer application technology
Abstract/Summary:
This thesis focuses on the architecture of an agent-based intrusion detection system (IDS). The proposed IDS is built on agent technology, through which it distributes data and tasks to the nodes in the network. The IDS can thus make the best use of the network's computing capability and resources, which addresses the shortcomings of the conventional centralized intrusion detection approach. Moreover, the new architecture enables the IDS to enhance its detection capability and its adaptability to complex network environments through self-learning and evolution. To achieve better accuracy, the architecture uses security audit data gathered from both hosts and the network. To enable the IDS to detect both known and unknown intrusion models, the architecture adopts a hybrid framework that uses both misuse detection and anomaly detection.

Another highlight of the architecture is the introduction of data mining techniques. The IDS uses data mining algorithms to extract key features of system runtime status from security audit data such as system logs and network data streams, and then constructs a classification engine for the audit data.
Keywords/Search Tags: IDS, Agent, Data Mining, RIPPER