基于JAVA的局域网网络入侵检测系统的方案与实现.docVIP

基于代理的入侵检测系统的实现 摘 要 入侵检测系统在如今的网络安全领域已经成为一个关键性的组件，但传统的入侵检测系统存在的一定的不足，如误报率和漏报率比较高，检测速度慢，占用资源多等。为了适应网络安全的发展需求，针对现有的入侵检测系统，结合移动代理技术，提出了基于移动代理的分布式入侵检测模型。 本文首先分析了当今网络安全的现状和存在的问题，指出了传统的入侵检测系统的局限性，并阐述了入侵检测技术的发展历史和研究现状。然后讲叙了分布式入侵检测模型的构成，在该模型各个分布节点上使用Snort抓取网络数据包，并记录可疑攻击数据，通过移动代理技术对可疑数据融合后进行综合分析，完成对分布式入侵的检测功能。该模型在windows环境下实现，采用日本IBM公司的代理移动代理环境，结合Snort入侵检测系统，利用JAVA语言编程，实现从可疑数据中，分析出攻击行为，并自动添加相应规则，增强对网络的保护能力。 关键字：分布式；移动代理；入侵检测；Snort；代理 The Realization of Intrusion Detection System Based on Agent Abstract Today, intrusion detection system has become a key part of the area of the network security, but there still has some disadvantages in traditional intrusion detection systems, such as the high false positive rate and the high false negative rate，the slowly speed of detection, taking up a lot of resources and so on. In order to meet the demands of the network secure development, the thesis provides the mode of distributed intrusion detection system based on mobile Agent technology according to nowadays intrusion detection system. First of all, the status and existed problems about the security of network is analyzed in this thesis, which points out the limitations of the traditional intrusion detection systems, and gives detail descriptions of the development history and the research status of the intrusion detection technology. Second, the thesis describes the mode of the distributed intrusion detection system based on mobile Agent technology. In this mode Snort is used on the distributed nodes to grasp the network data packets, and record the suspicious data. The system realizes the general analysis on fused suspicious data collected by the mobile Agent technology. This system is realized in the windows operation system, which adopts the Agent mobile Agent belonged to the Japanese IBM company and combined with snort intrusion detection system. The system developed in java language analyzes the intrusion behavior, increases the rules automatically, and strengthens the abilit