Research of a Distributed Intrusion Detection Based on AGLET Mobile Agent Technology

【Author】 徐国芹

【Advisor】 刘建辉

【Author information】 Liaoning Technical University, Computer Application Technology, 2004, Master's degree

【Abstract】 The development of computer network technology has brought great convenience to people's lives, but it has also introduced security risks. Traditional security technologies such as firewalls, encryption and identity authentication no longer meet the needs of modern network security; a new kind of security technology that is dynamic, real-time and capable of defensive response is required. Based on an analysis of existing intrusion detection system models, this thesis proposes a distributed intrusion detection system model based on mobile agent technology. The model consists of a data collector, intrusion detection agents, alarm agents, response agents, monitor agents, an agent server and a database. The mobile agents used in the model ensure the security of the intrusion detection system itself. Dynamically adding, deleting and modifying agents strengthens the system's dynamic configuration and scalability, and also lowers the reliability demanded of the network and the bandwidth consumed. The thesis uses misuse detection to implement detection based on network packets. Misuse detection relies on pattern matching: known attack techniques are analyzed, attack signatures are extracted, and collected network packets are then matched against the resulting intrusion rules to decide whether an attack has occurred. To improve the reliability of the intrusion detection system, the pattern matching method improves the structure of the Snort rule base, incorporates application-layer protocol analysis and introduces a new matching algorithm. Together these greatly reduce the amount of computation in pattern matching, improve detection efficiency and accuracy, and reduce the false-positive rate.

  • 【Classification No.】TP393.08
  • 【Times cited】4
  • 【Downloads】181