Excerpt from the paper
This paper proposes a framework model for an agent-based distributed intrusion detection system. The model provides interfaces for both network-based and host-based intrusion detection components, which makes cooperation among different agents possible. In a distributed environment, different agents can be used for detection according to the differing characteristics of anomalous system and network usage patterns and to differences in environment; the agents cooperate with one another to detect anomalous behavior. The model is an open system model with good extensibility: new cooperating hosts and intrusion detection agents are easy to add, and new intrusion detection patterns are easy to incorporate. It adopts a parallel agent detection mode with no central control module. Cooperation among the agents is accomplished through communication between them, and the agents can exchange information about suspicious activity and carry out data collection. The agents are independent of one another yet cooperate to complete the detection task together. In addition, the model adopts certain state-checking and verification strategies that ensure the agents' own security and the security of their communication. The model is independent of any specific system or application environment and therefore provides a general framework model for intrusion detection systems.