Research and Implementation of a Mobile-Agent-Based Intrusion Detection System for Campus Networks
Abstract
With the development of computer and network technology, networks have come into wide use, and campus local area networks (LANs) have emerged and grown rapidly, playing an increasingly important role in modern education. At the same time, the security problems of campus LANs have become increasingly prominent, and intrusions against these networks occur frequently. How to secure the campus LAN has therefore become an extremely important problem. Intrusion detection is an important component of a network security system and one of the core technologies of security auditing, so research on intrusion detection has significant theoretical and practical value. However, existing intrusion detection systems (IDS) for campus LANs commonly suffer from poor real-time performance, poor flexibility and poor scalability.

To address these problems in the intrusion detection systems used on modern campus LANs, this thesis analyzes and summarizes distributed intrusion detection and mobile agent technology, and proposes a framework for an intrusion detection system based on mobile agents (MA-IDS) that is suited to the modern campus LAN. The main work includes:

1. On the basis of a survey of intrusion detection systems, their classification, the relevant intrusion detection standards and their directions of development, mobile agents, Aglet and Snort are studied in depth.

2. Some intrusion detection architectures used on campus LANs generate heavy network traffic that seriously affects network transmission, and are not easy to install and use. To address these problems, an intrusion detection framework based on mobile agents is proposed, and its main components (the control system, the host system and the mobile agent) are designed at the architectural level.

3. After the components and main modules of the mobile-agent-based intrusion detection system are introduced, the implementation of the control system, the host system and the mobile agent is presented in detail, and the system is tested. The test results show that the system can detect most scanning attacks fairly accurately and that its response time is better than that of the traditional SNMP method. Deployed on the LAN, the system detects intrusions against the network well, and its real-time performance is also improved.
