
A Distributed Intrusion Detection System Based On Mobile Agent Is Studied

Posted on: 2013-06-18
Degree: Master
Type: Thesis
Country: China
Candidate: J H Song
GTID: 2248330374489133
Subject: Computer technology
Abstract/Summary:
An intrusion detection system (IDS) can effectively compensate for the defects of traditional security protection technology, and it has become an important network security technology. However, traditional host-based or network-based IDS has certain limitations, such as a single point of failure, consumption of network bandwidth, poor collaboration and low scalability. Owing to its unique features of dynamic migration, platform independence, low network traffic, flexible distribution and high scalability, mobile agent technology applied to IDS can make up for the deficiencies of traditional IDS.

After analyzing intrusion detection technology and mobile agent technology, this paper puts forward a system model of a distributed intrusion detection system based on mobile agents (DIDSMA). The model has a three-layer structure: the data acquisition layer, the management layer and the control layer. The data acquisition layer is responsible for data acquisition and preliminary analysis. The management layer is responsible for overall data analysis and testing, and for managing the mobile agents in the lower layer. The control layer is responsible for the management and configuration of the whole system and for comprehensive analysis of intrusion behavior. The agents are located on different hosts. They can work both independently and collaboratively, and they can communicate with each other. Each host can have multiple agents.

The main functional modules are designed in detail in this paper. Network data acquisition is implemented with the packet capture tool WinPcap. Host data acquisition is performed with the dumpel tool included with Windows. The system analyzes and detects the data based on probability statistical algorithms and a mining algorithm. A communication module is also designed in the system, covering communication between mobile agents in the same layer and communication between agents in upper and lower layers.

Finally, the system is implemented and tested on the aglet platform in a Windows environment. The test results show that the detection system can accurately detect the various attacks. The system uses fewer network resources and has better scalability.
Keywords/Search Tags:Network data analysis, intrusion detection, mobile agent, distributed system