Research and Implementation of an Agent-Based Intrusion Detection System
Abstract
With the development of computer and network technology, network security has become increasingly important. Traditional security technologies such as encryption and firewalls can no longer meet the requirements of network security, and intrusion detection technology emerged in response. Intrusion detection can perform dynamic, real-time detection and has a response capability. An intrusion detection system is an important component of the P2DR (Policy Protection Detection Response) dynamic security model.
By analyzing and studying existing agent-based intrusion detection system models, this thesis proposes an agent-based intrusion detection system model. The model uses a distributed architecture consisting of an agent control center (agent console) and several agents. Each agent uses an appropriate intrusion detection method and data source, so the system can detect intrusive behavior comprehensively and can effectively detect a variety of intrusions. The design of the system also examines how data fusion technology can be applied to an intrusion detection system.
The implementation of the agents and the agent control center is described in detail. The intrusion detection system was tested using a sound method. The test results show that the system performs well and meets the design requirements.
