
Distributed Intrusion Detection System Research And Design

Posted on: 2006-02-13
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhu
GTID: 2208360182968429
Subject: Computer application technology

Abstract/Summary:
Intrusions are actions that attempt to compromise the security, integrity, usability or controllability of a computer. Intrusion detection collects information from the computer network and its key nodes, identifies and responds to malicious use of computer and network resources, detects abnormal incidents and evidence of attacks, and notifies the network manager when these occur. It not only detects outside attacks but also monitors unauthorized actions by inside users. The software and hardware used for intrusion detection are called an intrusion detection system (IDS).

Intrusion detection is not only an important technology in the computer security field but also a hotspot of security theory research. In recent years, the government has increased its investment in intrusion detection research. It was included in the information security emergency plan by the 863 emergency plan in 2000, 6.

We design a distributed, mobile agent-based intrusion detection system. It combines network-based IDS and host-based IDS into one system with good distribution and scalability. In the implementation of the network engine, we combine network protocol analysis with pattern matching, which reduces the scope of the search. We also improved the pattern matching algorithm so that the network engine can find intrusion signals more quickly. For the system framework, we use a three-level framework and two-level detection. We also use a CA certification system to protect our IDS, which not only solves the security problems but also improves detection efficiency.

Chapters one and two introduce the shortcomings of security technology and the origin of IDS, the CIDF model, working principles, system framework, classification and development trends. Chapters three, four and five discuss the design of the distributed IDS, the intrusion rule language and the sub-IDS system, and also introduce an attack classification method. Chapter six discusses the security problems of the IDS itself and how we solve them. Finally, we set out the characteristics and shortcomings of our system and the future work to be done.
Keywords/Search Tags:Common Intrusion Detection Framework, generalized intrusion detection objects, Common Intrusion Specification Language, Mobile Agent