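Abstract
Starting from an analysis of the current state of information security, this paper designs CI2D&R, a multi-agent-based rapid intrusion response system. In the context of the system's network deployment design, it introduces the main functions of the system's two principal parts, the security spy and the security guard, proposes a layered architecture for the system, analyzes its main components and their functions, and discusses the system's data flows, its interface design, and methods for keeping the agents running reliably.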
A flexible intrusion detection and response (ID&R) system needs to maximize security while minimizing cost and responding automatically. This paper proposes CI2D&R, the cost-based intelligent intrusion detection and response system, a multi-agent-based response system originally developed as a facility to deal with network-based attacks and to respond effectively, automatically and intelligently. The networking environment in which CI2D&R is deployed consists of two major parts: Guard, which runs on the specific guarded host (GH), and Spy, which runs in the guarded network (GN). The components of CI2D&R are introduced, which include intrusion detection, attack classification, damage analysis, attack path rebuilding, automatic resource safeguarding, disaster recovery, and security management. The several kinds of data flow in CI2D&R are also discussed. Although CI2D&R is only a prototype, some special safety considerations for agents are also addressed.
Source
Journal of University of Electronic Science and Technology of China (《电子科技大学学报》)
EI
CAS
CSCD
PKU Core
2004, Issue 4, pp. 419-422 (4 pages)
Funding
Sichuan Provincial Department of Science and Technology project (01GG0712)
Supported by the National 863 Program (2002AA142040)
Keywords
intrusion detection and response
multi-agent system
rapid response
effective response
information security