
A Behavior-based Collaborative Detection And Protection Model

Posted on: 2013-06-06
Degree: Master
Type: Thesis
Country: China
Candidate: H Wang
GTID: 2248330362962697
Subject: Computer software and theory

Abstract/Summary:
With the rapid development of the Internet, traditional enterprise application systems that run in a closed environment can no longer meet development requirements. As enterprise application systems gradually evolve toward an open network environment, some key applications are bound to become prime targets for hackers. Traditional security products generally adopt pattern matching, protocol analysis and similar techniques, which can detect only some common Trojans, viruses and intrusion attacks and are powerless against more subtle and distributed intrusion attacks. To meet the need for high viability of applications, the paper proposes a behavior-based collaborative detection and protection model.

First, the paper introduces the basic theory of computer behavior and gives the definition and features of behavior. In addition, computer behavior is divided into categories according to different standards. Moreover, the paper analyzes the behavior of application systems and networks, which is described by the object, introduces behavior analysis theory and adopts Apriori association analysis.

Second, because present intrusion detection systems suffer from low accuracy and poor scalability, a dynamic pluggable coordination intrusion detection model is proposed, consisting of detection entities, a behavior library and a coordination controller. Detection entities obtain behavior information by statically collecting system logs or dynamically intercepting network packets. They are also responsible for detecting and analyzing the behavior of the target system. The coordination device issues the collaborative detection and protection strategy, and the detection entities collaboratively detect suspicious behavior existing in the system and ensure system security.

Finally, the paper adopts multi-agents and Jini to implement this model, which is self-managing, self-healing and cross-platform. The model uses policy mechanisms to achieve collaborative detection and protection. Agents can plug and play and can communicate with other agents to achieve collaborative detection.
Keywords/Search Tags: coordination intrusion detection, agent, Jini, dynamic pluggable