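Design and Implementation of an Agent-Based Distributed Intrusion Detection System
【Author】 付湘琼;
【Advisor】 胡建华;
【Author information】 Kunming University of Science and Technology, Computer Application Technology, 2003, Master's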
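【Chinese abstract】 With the growth of networks and the increasingly rampant incidence of hacker intrusions, it has become clear that building security systems from a purely defensive standpoint is not enough, and intrusion detection has gradually become a new means of network security. Intrusion detection is a new generation of security technology following traditional protective measures such as firewalls and data encryption. It identifies and responds to malicious use of computer and network resources; it not only detects intrusions from outside but also monitors unauthorized activity by internal users. Starting from the current state of intrusion detection systems, this thesis points out the shortcomings of traditional distributed intrusion detection systems and designs and implements an agent-based distributed intrusion detection system. An agent is a software agent that performs certain security monitoring and intrusion detection functions; it can work with or without other agents present and can accept control commands from higher-level entities, such as start, stop, and changes to runtime parameters. The basic idea of the thesis is to use distributed, independent modules to carry out data collection and data analysis for intrusion detection, and to monitor the whole system through their cooperation. The system has good distribution and scalability; it can organically combine network-based and host-based intrusion detection systems and provides integrated detection, reporting and response functions.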
【Abstract】 With more and more sites intruded upon by hackers, security experts have found that using only protection technology to build a security system is not enough, and intrusion detection has become a new approach to network security. The Intrusion Detection System (IDS) is a new security technology, distinct from traditional security protection technologies such as firewalls and data encryption. An IDS watches computers and network traffic for intrusive and suspicious activities. It detects not only intrusions by hackers from the Internet, but also activity by unauthorized users on the intranet. Aiming at the deficiencies of traditional distributed intrusion detection systems, this paper begins with the current status of intrusion detection, and then designs and implements an agent-based distributed intrusion detection system. An agent is a software agent that performs security monitoring and intrusion detection functions, and it can work well whether or not other agents exist. It can be controlled by a higher authorized entity, for example to start, stop, or change its running parameters. The basic idea is that distributed modules independently perform data collection and data analysis, the two functions of intrusion detection, and that the system as a whole is monitored through the cooperation of all modules. The system has good distribution and scalability. It can combine network-based and host-based IDS into one system, and can provide an integrated environment for detection, reporting and response.
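- 【Online publication contributor】 Kunming University of Science and Technology 【Online publication year and issue】 2004, Issue 01
- 【Classification code】 TP393.08
- 【Downloads】 113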