A distributed intrusion detection system, as a supplement to the firewall, can provide more effective means of protection. A distributed intrusion detection system can cooperate with the firewall and the network management tool to constitute a three-dimensional defense system.
Copyright:
Attribution Non-Commercial (BY-NC)
2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE)
A Multi-Agent-Based Distributed Intrusion Detection System
Weijian Huang
School of Information Science and Electrical Engineering
Hebei University of Engineering
Handan, China
huangweijian0808@sina.com

YanAn
School of Information Science and Electrical Engineering
Hebei University of Engineering
Handan, China
xufanfffff@163.com

Wei Du
School of Information Science and Electrical Engineering
Hebei University of Engineering
Handan, China
Hd_dudu@163.com

Abstract-A distributed intrusion detection system, as a supplement to the firewall, can provide more effective means of protection. This article describes the development trend of the Distributed Intrusion Detection System and its shortcomings, and describes in detail the advantages, the structure and the working principle of a Distributed Intrusion Detection System based on multi-agent technology. It proves the superiority of a Multi-Agent-Based Distributed Intrusion Detection System. A Distributed Intrusion Detection System based on multi-agent technology can effectively improve the detection accuracy and detection speed, and enhance the system's own security. A Multi-Agent-Based Distributed Intrusion Detection System can cooperate with the firewall and the network management tool to constitute a three-dimensional defense system.

Keywords- Distributed Intrusion Detection System; network security; multi-agent

I. INTRODUCTION

Along with the rapid development of computer network technology and the Internet, the computer network has brought huge convenience to people. But the Internet is an open system for the general public, and it does not fully consider information confidentiality and the security of the system. The Internet therefore carries security risks, and the network security situation has become more critical. An intrusion detection system can analyze and monitor user and system activity, and identify and reflect the activity patterns of attacks that are known to management personnel.
A Distributed Intrusion Detection System collects information at several key points of the computer network or computer system and analyzes this information. From the collected information it can discover signs of attack and behaviors that violate the network or system security policy. A Distributed Intrusion Detection System can make up for what a firewall lacks. It provides real-time network security intrusion detection and takes the appropriate protective measures. A Distributed Intrusion Detection System based on multi-agent technology can effectively improve the detection accuracy and detection speed, and enhance the system's own security. A Multi-Agent-Based Distributed Intrusion Detection System can cooperate with the firewall and the network management tool to constitute a three-dimensional defense system.

II. DISTRIBUTED INTRUSION DETECTION SYSTEM DEVELOPMENT TRENDS AND PROBLEMS

A. Development Trends

Along with the swift development of computer networks, the network security problem is becoming more and more important. Using firewalls to protect network security is not enough, because the intruder might try to find open channels behind the firewall. Moreover, as a result of performance limitations, the firewall normally cannot provide an effective intrusion detection capability. The intrusion detection system is a network security technology that has emerged in recent years [1, 2]. It is a combination of hardware and software that can make up for the firewall's insufficiency, provide effective intrusion detection and take the necessary protective measures for the protected network [2, 3]. Intrusion detection is a new and rapidly developing area and it has become an important issue in network security [2, 3]. Intrusion detection methods and products are constantly being researched and developed. Intrusion detection technology has begun to show its important value in network attack and defense.
A host-based or network-based Intrusion Detection System is almost powerless against complex attacks. A distributed intrusion detection system can curb the devastating effects of such attacks.

B. Problems

An intrusion detection system must comply with the principles of safety, integrity and parallelism. It is very difficult for an Intrusion Detection System to meet these three principles, so Intrusion Detection Systems still have many defects and hazards [1]:
Intrusion detection systems cannot test the entire packet very well.
Signature database updates are not timely.
The detection method is single.
Different Intrusion Detection Systems cannot interoperate.
Intrusion Detection Systems and other network security products cannot interoperate.
Intrusion detection systems' architecture needs to be improved.

978-1-4244-6542-2/$26.00 © 2010 IEEE

III. A MULTI-AGENT-BASED DISTRIBUTED INTRUSION DETECTION SYSTEM

A. Advantages

A Multi-Agent-Based Distributed Intrusion Detection System's advantages are as follows [1, 4]:
A Distributed Intrusion Detection System based on multi-agent technology has good independence, strong flexibility and good scalability. It uses the agents' autonomy and the system structure to ensure that the scale of the Intrusion Detection System is extensible. The intrusion detection module is designed on a unified framework and its rules can be extended.
It uses a top-down control mechanism which works layer by layer to prevent the spread of damage. An upper entity can control a lower entity. Entities in the same layer can send transaction information to each other.
The resilience of the system is very strong. Each agent has a system image inspection system to ensure its safety. Once an agent loses its function, it sends an initiative message to the upper agent, and the upper agent does the restoration work.
It uses agent analysis of application software to protect a number of important applications. It uses data integrity analysis technology to make detection more accurate.

B. Framework

Figure 1. A Multi-Agent-Based Distributed Intrusion Detection System's framework [5]

The figure describes a Multi-Agent-Based Distributed Intrusion Detection System's framework. The system consists of a number of agents that have different functions in the network and together form a unified hierarchical system. These agents can either work independently or work together.

There are three categories of data collection agent [4, 5]: host-based, network-based and application-based. The main job of the data collection agent is to collect raw data [4, 5]. This raw data includes the state and behavior of the system, the network and user activity. The data collection agent filters and reorganizes the raw data it collects, then transmits it to the data analysis agent.

There are three categories of data analysis agent [4, 5]: host-based, network-based and application-based. The data analysis agent's main job is to do a comprehensive analysis of the data sent to it by the data collection agent. The data analysis agent can detect intrusions involving multiple hosts, networks and applications. The data analysis agent is the key to the whole Intrusion Detection System [4, 5]. The accuracy of the data analysis agent directly affects the performance of the whole system.

The communication agent's main task is to handle communication between related agents. The communication agent cannot perform detection or control. It is responsible for the transmission of all information flow [4, 5].

The center agent monitors the operation of the whole system at a high level. The system administrator uses the center agent to manage the entire Distributed Intrusion Detection System.

C. Working principle

Figure 2. A Multi-Agent-Based Distributed Intrusion Detection System's principle of work

The figure describes a multi-agent-based Distributed Intrusion Detection System's principle of work. A Distributed Intrusion Detection System based on multi-agent technology uses the architecture of the Distributed Intrusion Detection System and comprehensively uses a variety of advanced intrusion analysis and detection technologies. These intrusion analysis and detection technologies include pattern matching, protocol analysis, anomaly detection, key surveillance, content resume, network audit and so on [4, 5]. An Intrusion Detection System based on multi-agent technology can monitor and analyze network communication and provide real-time intrusion detection and the corresponding preventive methods. It can create comprehensive network security protection.

In a specific deployment, the data collection agent should be flexibly configured according to the actual situation, such as the network rate, data encryption, network switching and so on [4, 5]. The data analysis agent uses misuse detection technology based on the expert system, state analysis and attack tree analysis to make the proper response to an attack [4, 5]. The data analysis agent can achieve a high detection rate, a low false alarm rate and timely response [4, 5]. The communication agent is a key part of a multi-agent-based Distributed Intrusion Detection System. The communication agent cannot detect and control attacks, so it must have a reliable security mechanism. The center agent can decide the cases that the data analysis agent cannot judge, uniformly allocate and manage all the agents in the system, display the alarm information and handle the response.

IV. SUMMARY

In the current state of computer security, security protection based on firewalls and encryption technology is very important, and we must develop distributed intrusion detection technology in order to improve the system's security status. A Multi-Agent-Based Distributed Intrusion Detection System can improve the detection accuracy and detection speed, and enhance the system's own security.

ACKNOWLEDGMENT

The work is supported by the project of the Social Science Foundation of Hebei Province under Grant No. HB09BSH006.

REFERENCES

[1] Yixue Wang, A Sort of Multi-Agent Cooperation Distributed Based Intrusion Detection System, Modern Computer, 2008.
[2] Jianchun Jiang, Hengtai Ma, Dangen Ren, Network Security Intrusion Detection, Journal of Software, 2000.
[3] J. Marin, D. Ragsdale, and J. Surdu, A hybrid approach to the profile creation and intrusion detection, Proc. of DARPA Information Survivability Conference & Exposition II, 2001.
[4] Ming Tan, Xiaolong Hu, Liancheng Liu, Based on multi-examination technology invasion examination system model, Computer project and design, 2008.
[5] Ming Xiao, Distributed Intrusion Detection System Design, Electronic Science and Technology University, 2002.
[6] Yunfang Chen, Distributed Intrusion Detection System Key Technology Research, Lanzhou University, 2008.
[7] Yufeng Zhong, An architecture of Distributed Intrusion Detection System, Applied science and technology, 2008.
[8] Jie Zhu, Distributed Intrusion Detection System, Central South University, 2006.
[9] Ying Liu, Yong Hou, The Deployment of Distributed Intrusion Detecting System, Office Automation Magazine, 2007.
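Added example, not from the paper: a Python sketch of the agent hierarchy described in Section III. A source address that fails one login on each of three hosts stays below any single host's limit, yet is flagged once the data analysis agent correlates the hosts; a case the analysis agent leaves open goes to the center agent. The HMAC on inter-agent messages, the thresholds, the watchlist, the log format and all function names are assumptions, since the paper does not specify them.

```python
import hashlib, hmac, json
from collections import defaultdict
KEY = b"constructed-demo-key"  # assumption: key provisioned to all agents out of band

def collection_agent(host, raw_lines):
    """Filter raw host data and reorganize it into uniform event records."""
    events = []
    for line in raw_lines:
        fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
        if line.startswith("FAILED_LOGIN") and "src" in fields:
            events.append({"host": host, "src": fields["src"]})
    return events

def comm_send(event):
    """Communication agent, sending side: serialize and attach an HMAC tag."""
    body = json.dumps(event, sort_keys=True).encode()
    return body, hmac.new(KEY, body, hashlib.sha256).hexdigest()

def comm_receive(body, tag):
    """Receiving side: return the event only if the tag verifies, else None."""
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return json.loads(body) if hmac.compare_digest(expected, tag) else None

def analysis_agent(events, per_host_limit=3, host_limit=3):
    """Correlate events from many hosts; return {src: verdict}."""
    seen = defaultdict(lambda: defaultdict(int))
    for e in events:
        seen[e["src"]][e["host"]] += 1
    verdicts = {}
    for src, hosts in seen.items():
        if max(hosts.values()) >= per_host_limit or len(hosts) >= host_limit:
            verdicts[src] = "intrusion"
        elif len(hosts) > 1:
            verdicts[src] = "undetermined"  # left for the center agent
    return verdicts

def center_agent(verdicts, watchlist):
    """Decide the cases analysis left open; return the alarms to display."""
    return sorted(s for s, v in verdicts.items()
                  if v == "intrusion" or (v == "undetermined" and s in watchlist))

def run_demo():
    raw = {  # constructed sample logs, documentation address ranges
        "hostA": ["FAILED_LOGIN user=root src=203.0.113.7", "LOGIN_OK user=bob src=10.0.0.5"],
        "hostB": ["FAILED_LOGIN user=admin src=203.0.113.7", "FAILED_LOGIN user=x src=198.51.100.9"],
        "hostC": ["FAILED_LOGIN user=root src=203.0.113.7", "FAILED_LOGIN user=y src=198.51.100.9"]}
    msgs = [comm_send(e) for h, lines in raw.items() for e in collection_agent(h, lines)]
    msgs.append((msgs[0][0].replace(b"hostA", b"hostZ"), msgs[0][1]))  # altered in transit
    events = [e for e in (comm_receive(b, t) for b, t in msgs) if e]
    return events, center_agent(analysis_agent(events), watchlist={"198.51.100.9"})
```

Calling `run_demo()` returns the verified events and the alarms the center agent would display; the altered message is dropped at the receiving side because its tag no longer verifies.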