基于移动agent的先验分布式入侵检测

Priori Distributed Intrusion Detection Based on Mobile Agent

分布式入侵检测系统最严重的缺陷是检测到入侵时不能立刻阻截可疑数据包的继续传送。本文利用移动agent提出一种基于网络的先验分布式入侵检测系统,将数据包转送给分布在网络中各种不同类型的agents处理,使可疑数据包在到达目标之前就被阻截。最后讨论了在网络通信量和延迟方面减轻系统消极影响的方法。

The most severe drawback in a distributed intrusion detection system is that the system can't block the suspicious data packets immediatly after it detects the intrusion. By using agent, this article proposes a sort of intrusion detection system that is based on the net and priori distributed, where the data packets are transferred to various agents distributed in the network for processing, and the suspicious packets blocked prior to their reaching the host target. To the end, The approaches to lowering the negative influence on the system are made, in terms of the network traffic and delay.