èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽAgentçš„åˆ†å¸ƒå¼å…¥ä¾µæ£€æµ‹ç³»ç»Ÿæ¨¡åž‹

Distributed Model of Intrusion Detection System Based on Agent

æŽ¨è CAJä¸‹è½½
PDFä¸‹è½½
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ é©¬æ’å¤ªï¼› è’‹å»ºæ˜¥ï¼› é™ˆä¼Ÿé”‹ï¼› å¿æ–¯æ±‰ï¼›

ã€Authorã€‘ MA Heng-tai JIANG Jian-chun CHEN Wei-feng QING Si-han(State Key Laboratory of Information Security Institute of Software The Chinese Academy of Sciences Beijing 100080) (Engineering Research Center for Information Security Technology\ The Chinese

ã€æœºæž„ã€‘ ä¸å›½ç§‘å¦é™¢è½¯ä»¶ç ”ç©¶æ‰€ä¿¡æ¯å®‰å…¨å›½å®¶é‡ç‚¹å®žéªŒå®¤!åŒ—äº¬100080ï¼› ä¸å›½ç§‘å¦é™¢ä¿¡æ¯å®‰å…¨æŠ€æœ¯å·¥ç¨‹ç ”ç©¶ä¸å¿ƒåŒ—äº¬100080,ä¸å›½ç§‘å¦é™¢è½¯ä»¶ç ”ç©¶æ‰€ä¿¡æ¯å®‰å…¨å›½å®¶é‡ç‚¹å®žéªŒå®¤!åŒ—äº¬100080ï¼› ä¸?ï¼›

ã€æ‘˜è¦ã€‘ æå‡ºäº†ä¸€ä¸ªåŸºäºŽ Agentçš„åˆ†å¸ƒå¼å…¥ä¾µæ£€æµ‹ç³»ç»Ÿæ¨¡åž‹æ¡†æž¶ .è¯¥æ¨¡åž‹æä¾›äº†åŸºäºŽç½‘ç»œå’ŒåŸºäºŽä¸»æœºå…¥ä¾µæ£€æµ‹éƒ¨ä»¶çš„æŽ¥å£ ,ä¸ºä¸åŒ Agentçš„ç›¸äº’åä½œæä¾›äº†æ¡ä»¶ .åœ¨åˆ†å¸ƒå¼çŽ¯å¢ƒä¸ ,æŒ‰ç…§ç³»ç»Ÿå’Œç½‘ç»œçš„å¼‚å¸¸ä½¿ç”¨æ¨¡å¼çš„ä¸åŒç‰¹å¾å’ŒçŽ¯å¢ƒå·®å¼‚ ,å¯åˆ©ç”¨ä¸åŒçš„ Agentè¿›è¡Œæ£€æµ‹ ,å„ Agentç›¸äº’åä½œ ,æ£€æµ‹å¼‚å¸¸è¡Œä¸º .è¯¥æ¨¡åž‹æ˜¯ä¸€ä¸ªå¼€æ”¾çš„ç³»ç»Ÿæ¨¡åž‹ ,å…·æœ‰å¾ˆå¥½çš„å¯æ‰©å……æ€§ ,æ˜“äºŽåŠ å…¥æ–°çš„åä½œä¸»æœºå’Œå…¥ä¾µæ£€æµ‹ Agent,ä¹Ÿæ˜“äºŽæ‰©å……æ–°çš„å…¥ä¾µæ£€æµ‹æ¨¡å¼ .å®ƒé‡‡ç”¨æ²¡æœ‰ä¸å¿ƒæŽ§åˆ¶æ¨¡å—çš„å¹¶è¡Œ Agentæ£€æµ‹æ¨¡å¼ ,å„ Agentä¹‹é—´çš„åä½œæ˜¯é€šè¿‡å®ƒä»¬ä¹‹é—´çš„é€šä¿¡æ¥å®Œæˆçš„ ,å„ Agentä¹‹é—´å¯ä»¥äº¤æµå¯ç–‘ä¿¡æ¯å’Œè¿›è¡Œæ•°æ®æ”¶é›† .Agentä¹‹é—´å„è‡ªç‹¬ç«‹ ,ç›¸äº’åä½œ ,åˆä½œå®Œæˆæ£€æµ‹ä»»åŠ¡ .å¦å¤– ,æ¨¡åž‹é‡‡ç”¨ä¸€å®šçš„çŠ¶æ€æ£€æŸ¥å’ŒéªŒè¯ç–ç•¥ ,ä¿è¯äº† Agentçš„è‡ªèº«å®‰å…¨å’Œé€šä¿¡å®‰å…¨ .è¯¥æ¨¡åž‹ä¸Žç‰¹å®šçš„ç³»ç»Ÿåº”ç”¨çŽ¯å¢ƒæ— å…³ ,å› æ¤ ,æä¾›äº†ä¸€ä¸ªé€šç”¨çš„å…¥ä¾µæ£€æµ‹ç³»ç»Ÿæ¡†æž¶æ¨¡åž‹æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ The framework model proposed in this paper is a real time intrusion detection sy stem based on Agent, which provides an interface for intrusion detection com pone nts. Such interface can be used to detect intrusion behaviors based on both netw ork and hosts. According to the different system or network usage patterns and e nvironment diversity, a set of various agents will be created which cooperate to detect the anomalous aspects. The proposed model is an open system, which h as g ood scalability. It is easy to add new cooperating hosts and agents and to expan d new intrusion patterns. agents work in a concurrent way without any central co ntrolling module. The cooperation among Agents is implemented just by communicat ion. Agents are independent but are capable of communicating with each other whe n they take their actions. The state-checking and policy of authentication mech anism ensure the security of the agents themselves and the communication among t hem. This model is independent of specific application environment, thus providi ng a general-purpose framework for intrusion detection systems.æ›´å¤š è¿˜åŽŸ