Intrusion Detection System Based On P2p And Mobile Agent

Posted on: 2008-06-05
Degree: Master
Type: Thesis
Country: China
Candidate: C D Xu
Full Text: PDF
GTID: 2208360215472048
Subject: Computer application technology

Abstract/Summary:
With the fast development of the Internet, the network security problem attracts many people's attention. As attackers become more mature and attack tools and methods become more varied, the firewall strategy can no longer meet the need, so network defense must be deeper and more diverse. At the same time, the network environment is becoming more and more complex. In this situation, as an active measure of information assurance, an IDS finds intrusions from the traces and patterns of the intruders' actions. It acts as an effective complement to traditional protection techniques and has become a focus of network security research. However, traditional intrusion detection systems have shortcomings in certain aspects, such as flexibility and interoperability.

To solve the problems of existing distributed intrusion detection systems, such as unbalanced load, single point of failure and transmission bottlenecks, this paper proposes a novel intrusion detection system based on P2P architecture and mobile agent technology: P2PIDS (Peer-to-Peer Intrusion Detection System). The system uses P2P network technology, the IDS Snort, and IBM's mobile agent platform Aglet, which give it a degree of flexibility, interoperability and intelligence as well as good performance. It exploits the characteristics of P2P network technology to achieve cooperation among the detecting nodes. It can also enhance the system's detection capability and improve detection efficiency.

(1) This paper analyzes the current situation in network security, introduces the general principles and, in particular, the classification of intrusion detection, and indicates the trend of IDS development. It analyzes in detail the structural framework of the IDS Snort, its main components and its main workflow. Then the topology of the P2P network and its classification are introduced, and the mobile agent architecture and model are also analyzed.

(2) It shows the advantages and disadvantages of existing IDSs by comparing their structures. The author introduces the design of the system architecture and expounds the design and implementation of P2PIDS in detail. A communication cooperation mechanism and a load balancing mechanism for P2PIDS are proposed in this thesis. Finally, the author designs the main modules of the system. The intrusion detection module is implemented by Snort, and the system monitoring module is implemented by SMA and MA.

(3) It implements a system prototype and then proves that the communication cooperation mechanism and the load balancing mechanism can effectively reduce the packet drop rate and improve detection efficiency.

(4) The paper ends with a summary of P2PIDS. Finally, the author summarizes the advantages and disadvantages of this system and discusses future research directions.