| With the rapid development of Internet, more and more applications are realized through network. But at the same time, the security of network is facing a big challenge. The fast speed of network facilitates the intruders. Not only the modes and the methods, of intrusion are becoming more and more complicated, but also the technique of the intruders is improving constantly. As the scale of intrusion expands, more and more computer systems were attacked. How to protect the computer systems and the believed networks from intrusion is now an urgent problem needs to be solved. As a kind of initiative safe protection means, intrusion detection can detect not only the external intrusion behaviors, but also the inside unauthorized activities of the user. The intrusion detection system plays a very important role in protecting the security of the computer system.The traditional intrusion detection system can only respond passively to intrusions, for example, disconnection network. But the intruders have never stopped trying attacks; therefore, the threat to the whole Internet still exists. To solve this problem, it is very important to know how to trace the position of the intruders and to get the accurately evidence. As to the distributed intrusion detection system, the system installation as well as the close cooperation among computers are strenuous tasks. One of the research directions of the intrusion detection technology is how to strengthen the system's flexibility, as to achieve that computers with different system operations can dynamically join into this detection system. The unique characters that the mobile agent has: autonomy and the move ability, decides its important status in the field of intrusion detection.In This paper, an intrusion detection system bases on mobile agent is designed. This system uses mobile agents to realize the functions of most parts of the system model. So, it is a system with great flexibility. The monitor module is started by mobile agents, and one mobile agent has response to trace the intruder, which can greatly weakened the request for system expansions. On the other hand, thissystem does not analyze the huge daily record and network record completely, but defines the suspicious intrusion mark, and collect corresponding auditing when this kind of mark appears. This method raises the efficiency of system and consumes relatively little resource, In that case, a large number of personal computers can join into the system, and the intruders will have no way to escape. The whole design is so flexible that the computers are just required to install the mobile agent environment and being offered some proper authority to access the system operation.The prototype of this system is realized by using Java as the programming language, and by setting IBM Aglet as the mobile agent environment. Since Aglet was developed by pure Java language, the intrusion detection system can be easily transplanted to various kinds of system platforms. |
PDF Full Text Request