Design and implementation of self-protection agent for network-based intrusion detection system  被引量：3

作　　者：ZHU Shu-ren(朱树人) LI Wei-qin(李伟琴) 

机构地区：Changsha University of Electric Power, Changsha 410077, China Beijing University of Aeronautics and Astronautics, Beijing 100083, China Beijing University of Aeronautics and Astronautics, Beijing 100083, China

出　　处：《Journal of Central South University of Technology》2003年第1期69-73,共5页中南工业大学学报（英文版）

基　　金：国家高技术研究发展计划(863计划)

摘　　要：Static secure techniques, such as firewall, hierarchy filtering, distributed disposing,layer management, autonomy agent, secure communication, were introduced in distributed intrusion detection. The self-protection agents were designed, which have the distributed architecture,cooperate with the agents in intrusion detection in a loose-coupled manner, protect the security of intrusion detection system, and respond to the intrusion actively. A prototype self-protection agent was implemented by using the packet filter in operation system kernel. The results show that all the hosts with the part of network-based intrusion detection system and the whole intrusion detection system are invisible from the outside and network scanning, and cannot apperceive the existence of network-based intrusion detection system. The communication between every part is secure. In the low layer, the packet streams are controlled to avoid the buffer leaks exist ing in some system service process and back-door programs, so as to prevent users from misusing and vicious attack like Trojan Horse effectively.Static secure techniques, such as firewall, hierarchy filtering, distributed disposing, layer management, autonomy agent, secure communication, were introduced in distributed intrusion detection. The self protection agents were designed, which have the distributed architecture, cooperate with the agents in intrusion detection in a loose coupled manner, protect the security of intrusion detection system, and respond to the intrusion actively. A prototype self protection agent was implemented by using the packet filter in operation system kernel. The results show that all the hosts with the part of network based intrusion detection system and the whole intrusion detection system are invisible from the outside and network scanning, and cannot apperceive the existence of network based intrusion detection system. The communication between every part is secure. In the low layer, the packet streams are controlled to avoid the buffer leaks existing in some system service process and back door programs, so as to prevent users from misusing and vicious attack like Trojan Horse effectively.

关 键 词：INTRUSION DETECTION SYSTEM (IDS) network-based INTRUSION DETECTION system(NIDS) SELF-PROTECTION AGENT IP filter 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]