
Intrusion Detection System Based On Intelligent Agent Research And Realization

Posted on: 2005-09-08
Degree: Master
Type: Thesis
Country: China
Candidate: W Hu
GTID: 2208360152982598
Subject: Pattern Recognition and Intelligent Systems

Abstract/Summary:
As the core subsystem of the modern active security system, IDS moves Information Assurance measures from passive to active, and acts as an effective complement to traditional protection techniques. The premise of our research is that the digital community is a mapping of the human community, and the MAS is the most successful simulation of the human community so far. MAS-based software will therefore be a more suitable security tool.

The purpose of our research is to develop an autonomous intelligent agent framework for a Distributed Intrusion Detection System, and to build a scalable and flexible software framework with MAS, which will make it easy to develop a security project for an enterprise environment and provide a convenient test-bed.

At the beginning of the thesis, we summarize the state of the art of IDS technology and point out the weaknesses of modern IDS. After discussing the difficulties in building a dynamic security protection system, we present our solution.

The main contributions of this thesis are as follows:

(1) An agent-based infrastructure for IDS is presented, which could solve the problems confronted in the development of DIDS.

(2) We then construct a software base for the dynamic security system. The Hierarchical Cooperation Model, which we present in this infrastructure, improves the organization and the cooperation of IDS components. The other backbone of this infrastructure, the Common Data Process Model, presents different levels of information abstraction, knowledge presentation and data processing measures in ID.

(3) The infrastructure services, communication protocol, cooperation primitives and all types of agents that make up our framework are also designed.

(4) Finally, we present the design and implementation of a prototype, AIAD-IDS, including reduced infrastructure services, a high-speed switch network sniffer, cooperation messages and three types of ID agent. The test results prove the feasibility of our framework.
Keywords/Search Tags: MAS, DIDS, AIAD-IDS, Hierarchical Cooperation Model, High-speed Sniffer