基于aglet移动代理技术的分布式入侵检测系统的研究-计算机应用技术专业论文.docxVIP

辽宁工程技术大学硕士学位论文摘要 辽宁工程技术大学硕士学位论文 摘要 计算机网络技术的发展，给人们的生活带来很大方便，但同时也 产生了一些不安全的因素。传统的安全技术如防火墙、加密、身份验 证等满足不了现在网络安全的需要，需要一种具有动态、实时、防御 功能的新型的安全技术。 本文在对现有的入侵检测系统模型进行分析和研究的基础上，提 出了基于移动代理技术的分布式入侵检测系统模型。它由数据收集器、 入侵检测Agent、报警Agent、响应Agent、监控Agent、代理服务器 和数据库组成。模型中使用的移动代理，能保证入侵检测系统自身的 安全。通过动态地添加、删除和修改代理，可以增强其动态配置功能 和扩展性，也可以减少对网络可靠性的要求和带宽的消耗。 本文利用误用检测技术，实现了基于网络数据包的检测。误用检 测使用模式匹配方法，它是对已知的攻击技术进行分析，提取攻击的 特征，然后对收集到的网络数据包与建立的入侵规则进行匹配，判断 是否有攻击事件发生。在模式匹配方法中，为了有效的提高入侵检测 系统的可靠性，对规则库结构进行了改进，并结合了应用层协议分析技 术，同时引入了新的匹配算法，大大地提高了检测的效率。 【关键字】入侵检测移动代理协议分析模式匹配 兰!兰堡垫查查堂堡主堂堡笙圭——ABSTRACT 兰!兰堡垫查查堂堡主堂堡笙圭—— ABSTRACT The development of computer network technology bring convenience to people， but at the meantime there are some insecure factors from them．Traditional security technology such as firewall，encryption，Identity certification doesn’t satisfy the need of modern network security，so the technology is proposed which is dynamic and real—time processing，and has response function． An intrusion detection model based on mobile agent is proposed by analyzing and researching currently distributed Intrusion Detection Model．The model is composed of data collector，intrusion agent，alarm agent，response agent，monitor agent，agent server and database．In this model，mobile agents are used to assurance security of intrusion detection system itself．Dynamic adding，deleting and modifying agents not only may strengthen dynamic configuration management and scalable property of intrusion detection system，but also may lessen reliability requirement and bandwidth consumption for network． Misuse detection technology is used to implement intrusion detection system based Oil network．Pattern match is used in misuse detection．Misuse detection technology first is to analyze known attack，pick up characters of attacks，and detect whether the network packet appears in the intrusion rule set to determine whether intrusion has happened．In pattern matching method，protocol analysis is introduced in order to availably improve Intrusion D