基于移动Agent的入侵检测系统改进研究
|
摘要
在现代社会互联网飞速发展的同时,入侵攻击、拒绝服务攻击、网络资源滥用等威胁也如影随形,使得计算机网络安全问题日益突出,成为信息化建设的一个核心问题。面对网络大规模化和入侵复杂化的发展趋势,传统的网络安全技术暴露出诸多缺陷。
本文首先介绍了国内外IDS的发展历程和现状,分析了当前入侵检测所面临的主要问题和发展趋势。虽然移动Agent独特的自主性和移动性可以提高入侵检测系统的健壮性和容错性,增强适应性和可扩展性,使得移动Agent技术目前已经用于入侵检测系统,但是考虑目前入侵检测所面临的问题,有必要对基于移动Agent的入侵检测系统改进。
其次,在对现有的基于移动Agent的入侵检测系统分析基础上,分析采用以IBM的Aglet移动代理平台为Agent运行环境;以2个模块(管理控制模块和监视控制模块)和4个代理(数据采集Agent、数据分析Agent、跟踪Agent和控制Agent)来构建此系统模型;同时采用层次性的双中心通信模型(以数据采集Agent和控制Agent为中心)和3层(数据采集层、数据分析层和控制管理层)通讯机制;以保证系统的安全性和减少数据传输量,力求将基于主机与基于网络的入侵检测技术结合在一起,增强系统的检测能力。
最后设计和实现了基于移动Agent的入侵检测系统,通过系统测试验证其完整性、可扩展性、安全性,证明其有效。
With the development of the Internet in the modern society, invasion, service refusal attack and abuse of the Internet resources are also inoperable, which makes the Internet safe of computers stand out and become a core question of information construction. To the development of large-scale Internet and invading complication, the traditional Internet safe technology exposes lots of defect.
Firstly, the development and background of IDS are introduced, while the main problem and the trend of intrusion detection are also analyzed. Although the unique independence, mobility of Mobile Agent can improve the haleness, tolerableness, adaptability and expansi- bility of the intrusion detection system, which induce Mobile Agent has used for intrusion detection system, it is necessary to improve on the intrusion detection system which base on Mobile Agent for questions faced the intrusion detection system.
Secondly, after analyzing the intrusion detection system of Mobile Agent, this system model is constructed by two module (administration module and surveillance module) and four Agent (info Collection Agent, Analysis Agent, Track Agent and Management Controlling Agent) the operation surrounding of which is removal flat of IBM Aglet as Agent, of which the communication mechanism is double center (info Collection Agent and Management Controlling Agent)communication model at administrative level and three phase(data collection phase, data analysis phase and controlling management phase)in order to ensure the safety of system and decrease data transmission. Furthermore, it is also can combine the intrusion detection technology both of host computer and of internet and improve the ability of systemic detection.
At last, the intrusion detection system of Mobile Agent is designed and implemented, the validity of which is proved by experiment at aspects of integrality, expansibility and safety.
本文首先介绍了国内外IDS的发展历程和现状,分析了当前入侵检测所面临的主要问题和发展趋势。虽然移动Agent独特的自主性和移动性可以提高入侵检测系统的健壮性和容错性,增强适应性和可扩展性,使得移动Agent技术目前已经用于入侵检测系统,但是考虑目前入侵检测所面临的问题,有必要对基于移动Agent的入侵检测系统改进。
其次,在对现有的基于移动Agent的入侵检测系统分析基础上,分析采用以IBM的Aglet移动代理平台为Agent运行环境;以2个模块(管理控制模块和监视控制模块)和4个代理(数据采集Agent、数据分析Agent、跟踪Agent和控制Agent)来构建此系统模型;同时采用层次性的双中心通信模型(以数据采集Agent和控制Agent为中心)和3层(数据采集层、数据分析层和控制管理层)通讯机制;以保证系统的安全性和减少数据传输量,力求将基于主机与基于网络的入侵检测技术结合在一起,增强系统的检测能力。
最后设计和实现了基于移动Agent的入侵检测系统,通过系统测试验证其完整性、可扩展性、安全性,证明其有效。
With the development of the Internet in the modern society, invasion, service refusal attack and abuse of the Internet resources are also inoperable, which makes the Internet safe of computers stand out and become a core question of information construction. To the development of large-scale Internet and invading complication, the traditional Internet safe technology exposes lots of defect.
Firstly, the development and background of IDS are introduced, while the main problem and the trend of intrusion detection are also analyzed. Although the unique independence, mobility of Mobile Agent can improve the haleness, tolerableness, adaptability and expansi- bility of the intrusion detection system, which induce Mobile Agent has used for intrusion detection system, it is necessary to improve on the intrusion detection system which base on Mobile Agent for questions faced the intrusion detection system.
Secondly, after analyzing the intrusion detection system of Mobile Agent, this system model is constructed by two module (administration module and surveillance module) and four Agent (info Collection Agent, Analysis Agent, Track Agent and Management Controlling Agent) the operation surrounding of which is removal flat of IBM Aglet as Agent, of which the communication mechanism is double center (info Collection Agent and Management Controlling Agent)communication model at administrative level and three phase(data collection phase, data analysis phase and controlling management phase)in order to ensure the safety of system and decrease data transmission. Furthermore, it is also can combine the intrusion detection technology both of host computer and of internet and improve the ability of systemic detection.
At last, the intrusion detection system of Mobile Agent is designed and implemented, the validity of which is proved by experiment at aspects of integrality, expansibility and safety.
引文
1 胡道元,阂京华.网络安全.清华大学出版社,2004:263~264
2 戚文静,刘学.网络安全原理与应用.中国水利水电出版社,2005:1~2
3 雷建军.计算机网络实用技术.第二版.中国水利水电出版社,2006:7~8
4 周明全,吕林涛,李军怀.网络信息安全技术.西安电子科技大学出版社,2003:12~14
5 金飞蔡.基于移动Agent技术的入侵检测系统的设计与实现.电子科技大学硕士学位论文,2004:3~4
6 于锋.计算机网络与通信.中国水利水电出版社,2003:125~126
7 张泉方,陈火根.计算机网络实用教程.中国水利水电出版社,2003:189~199
8 蔡立军,李立明等.计算机网络安全技术.第二版.中国水利水电出版社,2006:210~211
9 包剑.基于移动代理的分布式入侵检测系统研究.长春理工大学学报,2006,8(5):80~81
10 刘玮.基于移动代理的分布式入侵检测系统研究.中国科技信息,2007,6(1):145~146
11 杨兴江.智能入侵检测系统的研究.阿坝师范高等专科学校学报,2004,4(12):95~97
12 J. Anderson. Computer security threat monitoring and surveillance. [P]. PA 19034, USA, 1980
13 D. E. Denning,. G. Neumann. Requirements and model for IDES-a real-time intrusion detection expert system[R]. Technical report, Computer Science Laboratory, RI International, USA, 1985
14 向明尚,李瑞芳.基于动态Agent的分布式入侵检测系统设计与实现.长江大学学报(自然版),2006,2(1):76~78
15 D. E. Denning. An intrusion detection model. IEEE Transactions. On Software Engineering,. VOL. SE-13, 1987: 222~232
16 L. T. Heberlein, et al. A Network security monitor[M]. 1990 Symposium on Research in Security and Privacy, Oakland, CA, 1990: 296~304
17 S. R. Snapp, J. Brentano, G. Dias, et al. DIDS(Distributed Intrusion Detection System)-motivation, Architecture, and an early prototype, In: Proceedings of the 14" National Computer Security Conference, Washington, DC, 1991
18 B. Mukherjee, L. T. Heberlein, K. N. Levitt. Network intrusion detection. IEEE Netwok, 1994
19 S. Cheung, R. Crawford, M. Dilger, etcal. The DesignofGrIDS: A graph based intrusion detection system. Technical Report CSE-99-2, U. C. Davis Computer Science Department, 1999
20 P. A. Porras and P. G. Neumann. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances, In: Proceedings of The 1997 National Information Systems Security Conference, 1997
21 CISCO. Netranger intrusion detection system. Technical Information, April 1999
22 Internet Security System, ntrusion to RealSecurity Version 3.0, 2006
23 G. Vigna, R. A. Kemmerer, NetSTAT: A network based intrusion detection system. Journal of Computer Security 7, 1999: 37~91
24 Wayne Jansen, Peter Mell, Tom Karygiannis, Don Marks. Applying Mobile Agents to Intrusion Detection and Response. NIST Interim Report(IR)—6416, 2001
25 C. L. Susan, V. H. David. Training a Neural-Network Based Intrusion Detection. IEEE Transactions on system, man and sybernetics-parta: System and Humans, 2004
26 张光荣.基于移动代理的分布式入侵检测系统的研究.计算机工程与设计,2006,3(5):3328~3330
27 魏衍君.基于移动代理的分布式入侵检测系统设计与实现.微计算机信息,2006,10(3):43~44
28 彭川.基于移动Agent的分布式入侵检测系统.中南民族大学学报(自然科学版),2006,6(8):74~76
29 R. Heady, G. Luger, A. Maccabe, and M. Servilla. The Architecture of a Network Level Intrusion Detection System. Technical report, University of New Mexico, Department of Computer Science, 1990
30 郑文波.一种基于Agent的IDS结构模型设计.计算机与网络,2006,6(11):118~119
31 杜瑞忠.基于Agent的分布式入侵检测系统.河北大学学报(自然科学版),2004,2(7):302~306
32 冯劲梅.基于Agent的入侵检测系统层次结构模型.计算机工程与应用,2003,12(8):11~13
33 闫崇军.一种基于Agent的网络入侵检测系统.计算机与网络,2005,5(8):43~45
34 沈权.基于移动代理的分布式入侵检测系统体系结构研究.合肥工业大学硕士论文,2006:8~9
35 刘丽.基于移动Agent的分布式入侵检测系统研究.网络安全技术与应用,2006,2(5):16~17
36 李玉娟,李传林.一种新的基于Agent的入侵检测模型.计算机应用研究,2004,7(4):104~105
37 张思松.一种基于移动Agent的分布式入侵检测模型.铜陵学院学报,2006,4(10):70~71
38 韩景灵.一种改进的基于Agent的分布式入侵检测系统.电脑开发与应用,2006,8(2):19~20
39 赵铭.基于Agent的入侵检测系统框架研究.计算机工程与应用,2002,5(10):176~177
40 李凯.一种基于Agent的入侵检测系统模型.微电子学与计算机,2004,10(8):55~56
41 朱桂宏.基于移动Agent的分布式入侵检测系统研究.福建电脑,2006,3(4):117~118
42 赵佳奇.基于移动Agent的分布式入侵检测系统.西安理工大学硕士论文,2004:10~11
43 刘永华.基于移动Agent的入侵检测系统.西安理工大学硕士论文,2004:10~11
44 韩晓芸.基于移动Agent的入侵检测系统模型研究与分析.福建电脑,2006,2(1):11~12
45 索韩斌.基于Mobile Agent分布式入侵检测系统的研究与实现.重庆大学硕士学位论文,2006:28~29
46 王兴柱.基于移动Agent的入侵检测的研究和实现.西南交通大学研究生学位论文,2005:33~34
47 郭忠文.Agent推与拉通信模式性能比较临界条件及推模式算法.计算机研究与发展,2006,5(6):393~394
48 杨洪万.一种基于Agent技术的网络安全系统模型.山东师范大学学报(自然科学版),2002,3(4):20~21
49 黄爱民.基于移动代理的分布式入侵检测系统研究.贵州大学硕士学位论文, 2006:27~28
50 何汉明.基于Agent的智能入侵检测系统的开发研究.控制工程,2005,12(3):242~243
51 满红芳.基于移动Agent的分布式入侵检测系统研究.山东师范大学硕士等位论文,2006:31~44
52 肖书成.基于移动代理的入侵检测系统的研究与实现.重庆大学硕士学位论文,2004:56~58
2 戚文静,刘学.网络安全原理与应用.中国水利水电出版社,2005:1~2
3 雷建军.计算机网络实用技术.第二版.中国水利水电出版社,2006:7~8
4 周明全,吕林涛,李军怀.网络信息安全技术.西安电子科技大学出版社,2003:12~14
5 金飞蔡.基于移动Agent技术的入侵检测系统的设计与实现.电子科技大学硕士学位论文,2004:3~4
6 于锋.计算机网络与通信.中国水利水电出版社,2003:125~126
7 张泉方,陈火根.计算机网络实用教程.中国水利水电出版社,2003:189~199
8 蔡立军,李立明等.计算机网络安全技术.第二版.中国水利水电出版社,2006:210~211
9 包剑.基于移动代理的分布式入侵检测系统研究.长春理工大学学报,2006,8(5):80~81
10 刘玮.基于移动代理的分布式入侵检测系统研究.中国科技信息,2007,6(1):145~146
11 杨兴江.智能入侵检测系统的研究.阿坝师范高等专科学校学报,2004,4(12):95~97
12 J. Anderson. Computer security threat monitoring and surveillance. [P]. PA 19034, USA, 1980
13 D. E. Denning,. G. Neumann. Requirements and model for IDES-a real-time intrusion detection expert system[R]. Technical report, Computer Science Laboratory, RI International, USA, 1985
14 向明尚,李瑞芳.基于动态Agent的分布式入侵检测系统设计与实现.长江大学学报(自然版),2006,2(1):76~78
15 D. E. Denning. An intrusion detection model. IEEE Transactions. On Software Engineering,. VOL. SE-13, 1987: 222~232
16 L. T. Heberlein, et al. A Network security monitor[M]. 1990 Symposium on Research in Security and Privacy, Oakland, CA, 1990: 296~304
17 S. R. Snapp, J. Brentano, G. Dias, et al. DIDS(Distributed Intrusion Detection System)-motivation, Architecture, and an early prototype, In: Proceedings of the 14" National Computer Security Conference, Washington, DC, 1991
18 B. Mukherjee, L. T. Heberlein, K. N. Levitt. Network intrusion detection. IEEE Netwok, 1994
19 S. Cheung, R. Crawford, M. Dilger, etcal. The DesignofGrIDS: A graph based intrusion detection system. Technical Report CSE-99-2, U. C. Davis Computer Science Department, 1999
20 P. A. Porras and P. G. Neumann. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances, In: Proceedings of The 1997 National Information Systems Security Conference, 1997
21 CISCO. Netranger intrusion detection system. Technical Information, April 1999
22 Internet Security System, ntrusion to RealSecurity Version 3.0, 2006
23 G. Vigna, R. A. Kemmerer, NetSTAT: A network based intrusion detection system. Journal of Computer Security 7, 1999: 37~91
24 Wayne Jansen, Peter Mell, Tom Karygiannis, Don Marks. Applying Mobile Agents to Intrusion Detection and Response. NIST Interim Report(IR)—6416, 2001
25 C. L. Susan, V. H. David. Training a Neural-Network Based Intrusion Detection. IEEE Transactions on system, man and sybernetics-parta: System and Humans, 2004
26 张光荣.基于移动代理的分布式入侵检测系统的研究.计算机工程与设计,2006,3(5):3328~3330
27 魏衍君.基于移动代理的分布式入侵检测系统设计与实现.微计算机信息,2006,10(3):43~44
28 彭川.基于移动Agent的分布式入侵检测系统.中南民族大学学报(自然科学版),2006,6(8):74~76
29 R. Heady, G. Luger, A. Maccabe, and M. Servilla. The Architecture of a Network Level Intrusion Detection System. Technical report, University of New Mexico, Department of Computer Science, 1990
30 郑文波.一种基于Agent的IDS结构模型设计.计算机与网络,2006,6(11):118~119
31 杜瑞忠.基于Agent的分布式入侵检测系统.河北大学学报(自然科学版),2004,2(7):302~306
32 冯劲梅.基于Agent的入侵检测系统层次结构模型.计算机工程与应用,2003,12(8):11~13
33 闫崇军.一种基于Agent的网络入侵检测系统.计算机与网络,2005,5(8):43~45
34 沈权.基于移动代理的分布式入侵检测系统体系结构研究.合肥工业大学硕士论文,2006:8~9
35 刘丽.基于移动Agent的分布式入侵检测系统研究.网络安全技术与应用,2006,2(5):16~17
36 李玉娟,李传林.一种新的基于Agent的入侵检测模型.计算机应用研究,2004,7(4):104~105
37 张思松.一种基于移动Agent的分布式入侵检测模型.铜陵学院学报,2006,4(10):70~71
38 韩景灵.一种改进的基于Agent的分布式入侵检测系统.电脑开发与应用,2006,8(2):19~20
39 赵铭.基于Agent的入侵检测系统框架研究.计算机工程与应用,2002,5(10):176~177
40 李凯.一种基于Agent的入侵检测系统模型.微电子学与计算机,2004,10(8):55~56
41 朱桂宏.基于移动Agent的分布式入侵检测系统研究.福建电脑,2006,3(4):117~118
42 赵佳奇.基于移动Agent的分布式入侵检测系统.西安理工大学硕士论文,2004:10~11
43 刘永华.基于移动Agent的入侵检测系统.西安理工大学硕士论文,2004:10~11
44 韩晓芸.基于移动Agent的入侵检测系统模型研究与分析.福建电脑,2006,2(1):11~12
45 索韩斌.基于Mobile Agent分布式入侵检测系统的研究与实现.重庆大学硕士学位论文,2006:28~29
46 王兴柱.基于移动Agent的入侵检测的研究和实现.西南交通大学研究生学位论文,2005:33~34
47 郭忠文.Agent推与拉通信模式性能比较临界条件及推模式算法.计算机研究与发展,2006,5(6):393~394
48 杨洪万.一种基于Agent技术的网络安全系统模型.山东师范大学学报(自然科学版),2002,3(4):20~21
49 黄爱民.基于移动代理的分布式入侵检测系统研究.贵州大学硕士学位论文, 2006:27~28
50 何汉明.基于Agent的智能入侵检测系统的开发研究.控制工程,2005,12(3):242~243
51 满红芳.基于移动Agent的分布式入侵检测系统研究.山东师范大学硕士等位论文,2006:31~44
52 肖书成.基于移动代理的入侵检测系统的研究与实现.重庆大学硕士学位论文,2004:56~58