摘要
提出了一个基于 Agent的分布式入侵检测系统模型框架 .该模型提供了基于网络和基于主机入侵检测部件的接口 ,为不同 Agent的相互协作提供了条件 .在分布式环境中 ,按照系统和网络的异常使用模式的不同特征和环境差异 ,可利用不同的 Agent进行检测 ,各 Agent相互协作 ,检测异常行为 .该模型是一个开放的系统模型 ,具有很好的可扩充性 ,易于加入新的协作主机和入侵检测 Agent,也易于扩充新的入侵检测模式 .它采用没有中心控制模块的并行 Agent检测模式 ,各 Agent之间的协作是通过它们之间的通信来完成的 ,各 Agent之间可以交流可疑信息和进行数据收集 .Agent之间各自独立 ,相互协作 ,合作完成检测任务 .另外 ,模型采用一定的状态检查和验证策略 ,保证了 Agent的自身安全和通信安全 .该模型与特定的系统应用环境无关 ,因此 。
The framework model proposed in this paper is a real time intrusion detection sy stem based on Agent, which provides an interface for intrusion detection com pone nts. Such interface can be used to detect intrusion behaviors based on both netw ork and hosts. According to the different system or network usage patterns and e nvironment diversity, a set of various agents will be created which cooperate to detect the anomalous aspects. The proposed model is an open system, which h as g ood scalability. It is easy to add new cooperating hosts and agents and to expan d new intrusion patterns. agents work in a concurrent way without any central co ntrolling module. The cooperation among Agents is implemented just by communicat ion. Agents are independent but are capable of communicating with each other whe n they take their actions. The state-checking and policy of authentication mech anism ensure the security of the agents themselves and the communication among t hem. This model is independent of specific application environment, thus providi ng a general-purpose framework for intrusion detection systems.
出处
《软件学报》
EI
CSCD
北大核心
2000年第10期1312-1319,共8页
Journal of Software
基金
国家重点基础研究发展规划项目!(No.G1990 35 810 )
中国科学院软件研究所青年创新基金!(No.cx2 k5 60 6)
