Mobile Agent Based Intrusion Detection System Technology Research

Traditional security technique base on protection basically, but protection technique can only stop attack attempt to the best of its ability and leave this process. It can not prevent all kinds of intrusion behaviors from happening. Also, even the most safe system exists holes more or less. A mass of practice prove that it is not enough to ensure the security of network system only depending on traditional passive protection. As a kind of active measure of Information Assurance, Intrusion Detection acts as the effective complement to traditional protection techniques. The dynamic security circle, including policy, protection, detection and response, can greatly contribute to improving the assurance ability of information systems and reducing the extent of security threats. Because the intrusion detection technology is very important to the security of network, the study about ID if of great significance.It's obvious to join the MA technology into a traditional Intrusion Detective system will great benefit network security, however, the MA has its intrinsic weakness of security. In this article, by trace the evolution of technology, we first gave an glance to both the IDS and MA technology, then discussed the new security demand in an IDS based on MA, hence we present the new intrusion detectsion system, Mobile Agent Based Security Auditor Intrusion Detection (SA-MAIDS).Compared with the present IDS which involved MA technology, the SA-MAIDS try to reinforce the protection of an IDS itself in the following way:First introduced the concept of attacking intension, and by use it to narrow the instruction analysis on more valuable information.Second, isolated the Security Auditor from MA manager make it become possible to prevent the Security Auditor from attack , and furthermore, MA manager plays a vital role in the system, we, therefore, implemented an monitor subsystem to ensure it won't work out of control.At last, to secure the communication of aglets, we carried the communication among aglets on an cannel involved with SSL. So far, we have implement part of the system on an aglet platform.