Research on a Distributed Intrusion Detection System Based on AGLET Mobile Agent Technology
Abstract
The development of computer network technology has brought great convenience to people's lives, but it has also introduced insecure factors. Traditional security technologies such as firewalls, encryption and identity authentication can no longer meet current network security needs; a new type of security technology that is dynamic, real-time and capable of defence is required.
     Based on an analysis and study of existing intrusion detection system models, this thesis proposes a distributed intrusion detection system model based on mobile agent technology. It consists of data collectors, intrusion detection Agents, alarm Agents, response Agents, monitoring Agents, an agent server and a database. The mobile agents used in the model can guarantee the security of the intrusion detection system itself. By dynamically adding, deleting and modifying agents, the dynamic configuration capability and scalability of the system are enhanced, and the requirements on network reliability and the consumption of bandwidth are reduced.
     This thesis uses misuse detection technology to implement detection based on network packets. Misuse detection uses a pattern matching method: known attack techniques are analysed, attack signatures are extracted, and the collected network packets are then matched against the established intrusion rules to judge whether an attack has occurred. In the pattern matching method, in order to effectively improve the reliability of the intrusion detection system, the structure of the rule base is improved and combined with application-layer protocol analysis technology, and a new matching algorithm is introduced, which greatly improves detection efficiency.
The development of computer network technology brings convenience to people, but at the same time it introduces some insecure factors. Traditional security technologies such as firewalls, encryption and identity certification do not satisfy the needs of modern network security, so a technology is proposed that is dynamic, processes in real time, and has a response function.
    An intrusion detection model based on mobile agents is proposed by analysing and researching current distributed intrusion detection models. The model is composed of a data collector, intrusion agent, alarm agent, response agent, monitor agent, agent server and database. In this model, mobile agents are used to assure the security of the intrusion detection system itself. Dynamically adding, deleting and modifying agents not only strengthens the dynamic configuration management and scalability of the intrusion detection system, but also lessens the reliability requirements and bandwidth consumption for the network.
    Misuse detection technology is used to implement a network-based intrusion detection system. Pattern matching is used in misuse detection: known attacks are first analysed, attack characteristics are extracted, and each network packet is then checked against the intrusion rule set to determine whether an intrusion has happened. In the pattern matching method, protocol analysis is introduced in order to effectively improve Intrusion Detection System (IDS) dependability, the structure of the Snort rule base is improved, and the matching algorithm is improved upon. This greatly cuts down the amount of pattern matching calculation, improves accuracy and reduces the false positive rate.
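As an added illustration that is not code from the thesis, the sketch below shows the effect the abstract attributes to combining the restructured rule base with application-layer protocol analysis: rules are bucketed by protocol, the destination port of each packet selects the bucket to search, and the two constructed packets show both the drop in pattern comparisons and the avoidance of a false alarm when an HTTP signature string merely appears inside mail body text. The rule ids, signatures, port mapping and packets are all constructed for the example, and the per-bucket search is a plain substring test standing in for the thesis's matching algorithm, which the abstract does not specify.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Rule:
    sid: int        # constructed rule id, not taken from any real rule set
    proto: str      # application-layer protocol the signature belongs to
    pattern: bytes  # content signature extracted from a known attack

# Constructed rule base, bucketed by protocol so that protocol analysis can
# pick a small candidate set before any payload matching is done.
RULES = [
    Rule(1001, "http", b"/../../"),
    Rule(1002, "http", b"cmd.exe"),
    Rule(1003, "smtp", b"VRFY root"),
    Rule(1004, "ftp", b"SITE EXEC"),
]
RULES_BY_PROTO = {}
for rule in RULES:
    RULES_BY_PROTO.setdefault(rule.proto, []).append(rule)

PORT_TO_PROTO = {80: "http", 25: "smtp", 21: "ftp"}  # constructed mapping

def classify(packet):
    """Protocol analysis step: decide the application protocol from the transport header."""
    return PORT_TO_PROTO.get(packet["dport"], "other")

def match(packet, protocol_analysis=True):
    """Return (matched rule ids, number of pattern comparisons performed)."""
    candidates = RULES_BY_PROTO.get(classify(packet), []) if protocol_analysis else RULES
    hits, comparisons = [], 0
    for rule in candidates:
        comparisons += 1
        if rule.pattern in packet["payload"]:
            hits.append(rule.sid)
    return hits, comparisons

# Constructed packets: an HTTP directory-traversal request, and an SMTP message
# whose body merely mentions "cmd.exe" and must not trigger the HTTP rule.
PACKETS = [
    {"dport": 80, "payload": b"GET /files/../../private.txt HTTP/1.0"},
    {"dport": 25, "payload": b"DATA\r\nplease review the cmd.exe usage report\r\n"},
]

def run(protocol_analysis=True):
    """Match all packets; return (alerts per packet, total comparisons)."""
    alerts, total = [], 0
    for packet in PACKETS:
        hits, comparisons = match(packet, protocol_analysis)
        alerts.append(hits)
        total += comparisons
    return alerts, total
```

With protocol analysis the run performs 3 comparisons and raises only the traversal alert; without it, all four rules are tried against every packet (8 comparisons) and the mail body also fires rule 1002.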

© 2004-2018 China Geological Library. All rights reserved. 京ICP备05064691号 京公网安备11010802017129号

