【作者】 敖冰峰；

【导师】 谢志强； 何蕴峥；

【作者基本信息】 哈尔滨理工大学 ， 计算机技术， 2007， 硕士

【摘要】 在现代社会互联网飞速发展的同时，入侵攻击、拒绝服务攻击、网络资源滥用等威胁也如影随形，使得计算机网络安全问题日益突出，成为信息化建设的一个核心问题。面对网络大规模化和入侵复杂化的发展趋势，传统的网络安全技术暴露出诸多缺陷。本文首先介绍了国内外IDS的发展历程和现状，分析了当前入侵检测所面临的主要问题和发展趋势。虽然移动Agent独特的自主性和移动性可以提高入侵检测系统的健壮性和容错性，增强适应性和可扩展性，使得移动Agent技术目前已经用于入侵检测系统，但是考虑目前入侵检测所面临的问题，有必要对基于移动Agent的入侵检测系统改进。其次，在对现有的基于移动Agent的入侵检测系统分析基础上，分析采用以IBM的Aglet移动代理平台为Agent运行环境；以2个模块(管理控制模块和监视控制模块)和4个代理(数据采集Agent、数据分析Agent、跟踪Agent和控制Agent)来构建此系统模型；同时采用层次性的双中心通信模型(以数据采集Agent和控制Agent为中心)和3层(数据采集层、数据分析层和控制管理层)通讯机制；以保证系统的安全性和减少数据传输量，力求将基于主机与基于网络的入侵检测技术结合在一起，增强系统的检测能力。最后设计和实现了基于移动Agent的入侵检测系统，通过系统测试验证其完整性、可扩展性、安全性，证明其有效。更多还原

【Abstract】 With the development of the Internet in the modern society, invasion, service refusal attack and abuse of the Internet resources are also inoperable, which makes the Internet safe of computers stand out and become a core question of information construction. To the development of large-scale Internet and invading complication, the traditional Internet safe technology exposes lots of defect.Firstly, the development and background of IDS are introduced, while the main problem and the trend of intrusion detection are also analyzed. Although the unique independence, mobility of Mobile Agent can improve the haleness, tolerableness, adaptability and expansi- bility of the intrusion detection system, which induce Mobile Agent has used for intrusion detection system, it is necessary to improve on the intrusion detection system which base on Mobile Agent for questions faced the intrusion detection system.Secondly, after analyzing the intrusion detection system of Mobile Agent, this system model is constructed by two module (administration module and surveillance module) and four Agent (info Collection Agent, Analysis Agent, Track Agent and Management Controlling Agent) the operation surrounding of which is removal flat of IBM Aglet as Agent, of which the communication mechanism is double center (info Collection Agent and Management Controlling Agent)communication model at administrative level and three phase(data collection phase, data analysis phase and controlling management phase)in order to ensure the safety of system and decrease data transmission. Furthermore, it is also can combine the intrusion detection technology both of host computer and of internet and improve the ability of systemic detection.At last, the intrusion detection system of Mobile Agent is designed and implemented, the validity of which is proved by experiment at aspects of integrality, expansibility and safety.更多还原