Institutional Repository
| 基于Agent分布式入侵检测系统模型的建模及实践 | |
| 马恒太 | |
| Major | 计算机应用技术 |
| 2001 | |
| Degree Grantor | 中国科学院软件研究所 |
| Degree Level | 博士 |
| Place of Degree Grantor | 中国科学院软件研究所 |
| Keyword | 入侵检测 分布式模型 通讯 协作 |
| English Abstract | 本论文首先对入侵检测方面的相关工作进行了总结。在分析已有分布式入侵检测模型的基础上,提出了一个基于Agent的分布式入侵检测系统模型框架。该模型提供了基于网络和基于主机入侵检测部件的接口,为不同Agent之间的相互协作提供了条件。在分布式环境中,按照系统和网络的异常使用模式的不同特征和环境差异,可利用不同的Agent进行检测,各Agent相互协作,检测异常行为。本模型是一个开放的系统模型,具有很好的可扩充性,易于加入新的协作主机和入侵检测Agent,也易于扩充新的入侵检测模式。本模型采用没有中心控制模块的并行Agent检测模式,各Agent之间的协作是通过它们之间的通讯来完成的,各Agent之间可以交流可疑信息和进行数据收集。Agent之间各自独立,相互协作,合作完成检测任务。另外模型采用一定的状态检查和验证策略,保证了Agent的自身和通信安全。该模型与特定的系统应用环境无关,因此,提供了一个通用的入侵检测系统框架模型。在本论文中,我们还给出了一些工作情况总结,其中主要有审计机制和面向入侵检测弱点数据库的建立,这两个方面都是建立入侵检测系统的基础,我们在这些方面已经进行了相当多的积累工作,这对实验和建立我们的入侵检测系统具有相当大的帮助。 |
| Abstract | This paper begins with the summary of current IDS research. With the analysis of the existing Distributed-IDS models, we proposed a framework model of distributed-IDS based on Agents. This model provides the IDS interface for Network and for hosts, which is foundation of the cooperation among different Agents. In distributed environment, according to the different system or network usage pattern and environment diversity, a various set of agents will be created which cooperate to detect the anomalous aspects. This model is an open system with good scalability. It is easy to add new cooperated hosts and agents and to expand new intrusion patterns. Agents work in a concurrent way without any central controlling module. The cooperation among Agents is implemented just by the communication by which the agents can exchange suspicious messages and collect data. Agents are independent but cooperate with others when they take their actions. The state-checking and policy of authentication mechanism ensure the security of the agents themselves and the communication among them. This model is independent to some specific application environment, thus providing a general-purpose framework of an intrusion detection system. The summary of our work was presented in this paper, which includes the audit scheme and the creation of the vulnerability database. We have done a lot of research in this field since it is the foundation of the IDS and is great helpful to our practice. |
| Pages | 109 |
| Language | 中文 |
| Content Type | 学位论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/5672 |
| Collection | 中科院软件所_中科院软件所 |
| Recommended Citation GB/T 7714 | 马恒太. 基于Agent分布式入侵检测系统模型的建模及实践[D]. 中国科学院软件研究所. 中国科学院软件研究所,2001. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| LW004420.pdf(1786KB) | 限制开放 | -- | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment