Abstract
This paper first points out the advantages of applying agent technology to intrusion detection systems. Based on the characteristics of intrusion detection systems, it gives a state transition diagram of the host and proposes an intrusion detection model. In this model, each host contains a data anomaly detection agent, a feature extraction agent, a data consistency detection agent, an integrity detection agent, and log processing. The agents build a behavior base through a learning mechanism, reason over the information in the behavior base to obtain intrusion rule information, and add that information to the intrusion rule base. Finally, the model is simulated and implemented using Aglet technology, and the conclusion is that agent-based intrusion detection has a higher detection rate and a lower false alarm rate.
Source
《微计算机信息》
2010, No. 3, pp. 96-98 (3 pages)
Control & Automation
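Funding
Grant applicant: Du Xianfeng (杜献峰)
Project title: Research on the Application of Multi-Agent Technology in Network Security
Awarding body: Education Department of Henan Province (2006520020)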