| With the rapid development of the computer and network technology, computer security is increasingly more important. The intrusion detection is an essential component of the protection mechanisms of the security infrastructure. But in the face of rapid changed, updated network environment and various new attack methods, to some extent, there are some limitation for traditional IDS in the aspects of efficiency, extensibility and adaptability. The development of mobile agent technology presents a new approach for the research of IDS. This paper is an initial exploration into the relatively unexplored terrain of using Mobile Agent for IDS, and a distributed intrusion detection system based on mobile agents——MADIDS, which combines the techniques of host-based IDS and network-based IDS. In MADIDS, the detection tasks are implemented by two type of detection MAs,which make the system have certain flexibility, interoperability and intelligence as well as good performance. After providing the background knowledge of intrusion detection system and mobile agent,this dissertation introduces the design of the system architecture, and expounds the design and implementation of MADIDS in detail. Firstly, it introduce the whole architecture of MADIDS, which mainly includes two parts: Control Server and Detected Host. Secondly, each module of MADIDS is discussed, including the structure, the function, the security policy, the mechanism of update and maintains, and so on. At last, there are three experiments to confirm the feasibility of MADIDS. |
PDF Full Text Request