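Abstract
In recent years, intrusion detection systems (IDS) have received wide attention as an important component of information system security. Firewall technology alone is far from sufficient for building a network security architecture, because many attacks can bypass the firewall. Intrusion detection technology can intercept and respond to intrusions before the network system is harmed. An agent-based distributed intrusion detection system combines host-based and network-based detection and provides better security protection for the network system. To address the shortcomings of firewall technology, this paper analyzes and studies intrusion detection technology and its common framework, then designs an agent-based distributed intrusion detection system and describes its implementation on a campus network.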
In recent years, intrusion detection systems (IDS), an important part of the information security system, have gained extensive attention. It is not enough to rely on firewall technology to achieve network security, because a firewall cannot defend the network against all attacks. Intrusion detection is a technology that can detect intrusions and respond before the network system is harmed. A multi-agent-based distributed intrusion detection system, which combines host-based IDS with network-based IDS, provides a better safeguard for the network system. Such a system is presented as a way to address the limitations of firewalls, after the technology of intrusion detection (ID) and the Common Intrusion Detection Framework (CIDF) have been analyzed and studied. Finally, the realization of the agent on a campus network is introduced.
Source
《计算机测量与控制》
CSCD
2004, No. 11, pp. 1021-1024 (4 pages)
Computer Measurement & Control