Distributed Defense System Based On Collaborative Research And Design,

With the rapid development of the network technology and the continual opening for Internet, the network attack has become increasingly serious. The network security has drawn great attention gradually. Though a variety of traditional security defending systems, such as firewall, intrusion detection system are much consummate, they can't completely solve all problems in the field of the network security. Especially with the appearance and development of the distributed attack, cooperative attack and complex attack, the traditional single defending system has not met the need of the network security. The current defending system needs the sufficient cooperation mechanism.In this paper, on the basis of AFFID and EMERALD, we proposed a framework model of distributed defending system based on cooperation. The model consists of agent, transceiver and monitor. This model reforms the analysis hierarchy that exists in the current distributed defending system models. The security agent contains a cooperative analysis unit. In the model, compared with the traditional models, the distributed analysis has been realized, so there is not the problem of overloading in monitor. In the model, agent and monitor all can operate cooperation analysis and the load balancing is attained. Agent technology is applied to the model. So this model is an open system with good scalability that is beneficial to integrate all kinds of security agents such as firewall agent, intrusion detection agent. Different agents work together in the way of cooperating.This paper expands the architecture of the model. Functions, features and realization methods of agent and monitor are described. Functional modules of monitor and the controller of agent are designed in detail.This paper stresses on the cooperation mechanism of the model, especially the event-based cooperation mechanism, and design the rule-based realization methods of cooperation. On the basis of IDMEF, we design the message mechanism that can be well applied in cooperation. In the end, we analyze...