基于Agent人工智能的异构网络多重覆盖节点入侵检测系统设计

Design of Intrusion Detection System for Heterogeneous Networks with Multiple Coverage Nodes Based on Agent Artificial Intelligence

异构网络具有结构复杂、多重覆盖面积大等特征,使得网络入侵检测较为隐蔽,威胁网络运行的安全性;为此,对基于Agent人工智能的异构网络多重覆盖节点入侵检测系统进行了研究;通过检测Agent和通信Agent装设主机Agent,以Cisco Stealthwatch流量传感器作为异构网络传感器检测攻击行为,采用STM32L151RDT664位微控制器传输批量数据,由MAX3232芯片实现系统电平转化,实现硬件系统设计;软件部分设计入侵检测标准,采用传感器设备捕获网络实时数据,通过Agent技术解析异构网络协议并提取数据运行特征,综合考虑协议解析结果及与检测标准匹配度,实现异构网络多重覆盖节点入侵检测;经实验测试表明,基于Agent人工智能的异构网络多重覆盖节点入侵检测系统入侵行为的漏检率和入侵类型误检率的平均值仅为6%和5%,能够有效提高检测精度,减小检测误差。

Heterogeneous networks have the characteristics of complex structures and large multiple coverage areas,making network intrusion detection more covert and threatening the security of network operations.To this end,a heterogeneous network multi coverage node intrusion detection system based on the Agent artificial intelligence is studied.The communication agents are installed through detecting and installing the agents,The Cisco Stealthwatch traffic sensors are taken as heterogeneous network sensors to detect attack behavior.The microcontroller of STM32L151RDT6 with 64 bits is used to transmit batch data,and MAX3232 chip is used to achieve the level conversion of the system,achieving the system hardware design.The intrusion detection standards are implemented by the software design,sensor devices are used to capture real-time network data,Agent technology is adopted to analyze heterogeneous network protocols and extract data operation characteristics.The protocol analysis results and detection standard matching degree are integrated to achieve multiple coverage node intrusion detection in heterogeneous networks.Experimental results show that heterogeneous network multi coverage node intrusion detection system based on the Agent artificial intelligence has only 6%of intrusion missed detection rate and 5%of intrusion false detection rate,which can effectively improve detection accuracy and reduce detection errors.