
Research On System Resource-Based Distributed Intrusion Detection System

Posted on: 2005-08-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zou
Full Text: PDF
GTID: 2168360122998407
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer technology and the Internet, computer systems have shifted from stand-alone operation to the open Internet. Network and information security problems are increasingly emerging, and attack incidents of different kinds keep happening on the Internet. Consequently, more and more countermeasures are coming into being as well, and people are attaching greater importance to intrusion detection technology.

The thesis analyzes the various intrusion detection technologies and several current intrusion detection systems, and then proposes a resource-based distributed intrusion detection system. From a resource management viewpoint, computer system resources can be categorized into file resources, program resources and network resources. According to the characteristics of each, we design a dedicated detection unit (Agent) for it, namely the network resource detection agent (NRA), the program resource detection agent (PRA) and the file resource detection agent (FRA). The NRA detects the communication between the internal network and the external network, the PRA detects programs running on the hosts and servers, and the FRA detects files in the system. Through the cooperation of these three kinds of Agents, the security protection of the computer network system is accomplished. The system combines the advantages of host-based and network-based IDS. Its distributed capability and extensibility are good enough for a complicated network environment.

The thesis then presents the detection technologies of the three kinds of resource detection Agent, proposes a communication mechanism for information exchange among the resource detection agents, and designs a communication protocol according to that mechanism.

Finally, the thesis designs a relevancy analyzer and an abnormity table so that the three resource detection agents can communicate about abnormal conditions, and designs response levels so that the three resource detection agents can cooperate in responding to intrusions.
Keywords/Search Tags: distributed intrusion detection, resource, Agent, resource detect, communication cooperate