【作者】 周远；

【导师】 胡华平；

【作者基本信息】 国防科学技术大学 ， 软件工程， 2010， 硕士

【摘要】 随着计算机和网络技术的发展,网络已经得到广泛的应用,各种校园内局域网也迅速出现并发展起来,在现代教育领域扮演越来越重要的角色。与此同时,校园内局域网的安全问题也就变得日益突出。针对此网络的入侵事件频频发生。因此,如何保证校园内局域网的安全问题,也就成了一个极为重要的问题。入侵检测技术作为网络安全系统的重要组成部分,是安全审计中的核心技术之一,研究入侵检测具有十分重要的理论意义和现实价值。但是当前已有校园局域网的入侵检测系统普遍存在着实时性差、系统灵活性和扩展性差等问题。本文针对现代出现的应用于现代校园局域网的入侵检测系统的出现的一些问题,对分布式入侵检测和移动代理技术分别进行了分析和总结,提出了一种适合于现代校园局域网的基于移动代理的入侵检测系统的框架。主要工作包括:1、在对入侵检测系统、入侵检测系统的分类、入侵检测的相关标准以及发展方向等进行综述的基础上,对移动代理、Aglet以及Snort进行了深入研究。2、针对现代校园内局域网中的一些入侵检测系统结构的网络传输流量大,严重影响网络传输,不容易安装使用等问题,提出了一种基于移动代理的入侵检测系统框架,并对系统的主要组成部分控制系统、主机系统、移动代理进行了总体设计。3、在给出基于移动代理的入侵检测系统的组成与主要模块的基础上,详细给出了控制系统、主机系统和移动代理的实现,并对该系统进行了测试。测试结果表明:该系统能比较准确的检测出大部分的扫描攻击,其响应时间优于传统的SNMP方法。将该系统部署到局域网中,能较好地检测出针对该网络的入侵行为,并且实时性也有所提高。更多还原

【Abstract】 With the development of computer and network technology,Internet has been applied in a wide range, and the modern LAN in campus has also been nourished and played a more and more important role in modern education field. Meanwhile, the security problem of the modern LAN in campus is coming out. Thus, to secure the modern LAN in campus becomes fairly important. Being an important ingredient of network security system, Research on intrusion Detection is significant both in theory and in practice. However, the current IDS of campus LAN has some questions which are wildly existing, such as poor real-time, poor flexibility and bad scalability.In this paper, the technologies of IDS and mobile agent are analyzed and summarized, combined the features of the modern LAN in campus, and the model framework of Intrusion Detection System based on Mobile Agent(MA-IDS) is put forward, which is suitable for the modern LAN in campus. The paper mainly contributes on the following aspects.1. After the IDS, IDS classification, intrusion detection and relevant standards and development are summarized, the mobile agent, Aglet and Snort are studied in-depth.2. Aim at some problems of the IDS architecture in campus LAN, such as the mass network traffic, not easy of installing and so on, an intrusion detection architecture based on mobile agent is presented. The main components of the architecture are designed, which consists of control system, host system and mobile agent system.3. After introduced the components and the main module of MA-IDS, the realization of the control system, host system and mobile agent are presented in detail. Then, the test of MA-IDS is also given. The test results show that: the system can accurately detect most of the scanning attacks, and its response time is better than traditional SNMP . Deployment of the system to the LAN, it can develop the detection of intrusion for the network, and real-time also increased.更多还原