This paper proposes a distributed intrusion detection system that combines host-based and network-based detection. Snort serves as the network information collector and generates network MLSI; mobile agents then fuse and analyze the MLSI to detect intrusions that traditional intrusion detection systems cannot detect. The functions of each component of the system are described. The mobility, autonomy, and other characteristics of mobile agents are used to overcome the poor real-time performance, limited flexibility, and insufficient dynamic scalability of current distributed intrusion detection systems. Finally, an example of detecting a doorknob attack is given.