| With the rapid development of the Internet, it happens that more and more network attacks and invasions are increasing. At the same time, network security risk factor is increasing continuously. The firewall once as the most important security can no longer meet the people's demand for network security. As a useful complement to firewall, Intrusion Detection System can find attacks rapidly, monitor network in the circumstances of not affecting network performance, thus it can provide the real-time protection to the internal attacks, external attack and misuse.The study of Mobile Agent-based Intrusion Detection System is that mobile agent is applied to Intrusion Detection System. Mobile agent technology is used in the collection and processing of information, it makes that there are good robustness, good fault tolerance, good scalability and good flexibility. In this paper, the work has done as follows:1 The current intrusion detection technology and intrude way are deep studied and the current intrusion detection technologies are compared in the paper. The advantages and disadvantages of Intrusion Detection Technology are pointed out.2 The Aglets of IBM is deep studied. The paper introduces why we choose Aglets for the system, and it focuses on how to build Aglets-based system.3 On the basis of previous work, the Mobile Agent-based Intrusion Detection System called AMAIDS is proposed. The architecture of the system is no control centre and its components are collaborative each other. Based on Aglets, the approach of protocol analysis to analyze data is used. The mobile agent technology and intrusion detection technology are really combined. AMAIDS solves a single point of failure, network overloading, poor scalability that are existed in the current Intrusion Detection System. At the same time, taking into account the security of the system, every agent in the mobile agent system is allocated the logo ID, and the table is established in the mobile agent library to manage Agent. The Agent can be dispatched only through authentication of identification and integrity. When Agent is sent to the destination host and when they migrate between the hosts, encrypted transmission are used.4 Java (a platform-independent language) as the main development tool is adopted, and the MySQL database to take a detailed design and implementation of the main module of the system is used. In the gathering module, Jpcap to capture data packets is used. In the analysis module, Snort's description method of intrusion is used. At the same time, the approach of protocol analysis to analyze data is used. Thus, the efficiency of the system is greatly improved. Connection module is separated from the analysis module to not only reduce the burden of work, but also solve the network overloading. 5 Relevant tests of system with the different methods and the different purposes prove that the system model is feasible and correct. |
PDF Full Text Request