基于Multi-Agent和本体的分布式入侵检测系统研究  被引量：1

作　　者：郭广丰[1] 马占飞[1] 

机构地区：[1]内蒙古科技大学包头师范学院,内蒙古包头014030

出　　处：《计算机应用与软件》2016年第2期133-137,共5页Computer Applications and Software

基　　金：国家自然科学基金项目(61163025);内蒙古高等学校科学技术研究项目(NJZY12200)

摘　　要：入侵检测系统IDS(Intrusion Detection System)经历了近三十年的发展,虚警率高等问题一直困扰着用户,其原因可以部分归结为知识表示能力不足和IDS缺少协同工作。针对上述问题,融合Agent和本体技术,在此基础上建立相应的入侵检测本体知识库,提出一种基于Multi-Agent和本体的分布式IDS系统。该系统采用以本体为核心的多层次、分布式体系结构,从功能上分为探测器层、协同分析器层、知识管理层,从结构上由知识管理Agent、主机入侵检测Agent、网络入侵检测Agent、日志入侵检测Agent以及其他入侵检测Agent组成。各入侵检测Agent间协作采用合同网模型和熟人模型的协作算法。经过实验分析验证,该系统一方面提高了各检测器的协同工作能力,降低了虚警率,另一方面可以大大减少各检测器的通信量,提高了其协作效率。Intrusion detection system （IDS） has been experienced about 30 years, but some problems such as the high false positive rate have always been plaguing its users with the cause being partially attributed to the deficiency of knowledge representation and the IDS lacking collaborated works. In view of above questions, the paper proposes a Multi-Agent and ontology-based distributed IDS by integrating Agent with ontology technology, and on that basis constructing the corresponding knowledge base of intrusion detection ontology. The system adopts multi- level and distributed architecture with the ontology as core, and functionally it can be divided into three levels： probes, collaborative analysers and knowledge management, and structurally it consists of the Agents for knowledge management, host intrusion detection, network intrusion detection, log intrusion detection, and other intrusion detection Agents. The collaboration between Agents uses the collaboration algorithm combining the contract net model and the acquaintance coalition model. It is verified through experimental analysis that on the one hand this system improves the interoperability of each detector and reduces false positives ; on the other hand it is able to greatly cut down the traffic of communication between detectors and raises the efficiency of collaboration.

关 键 词：入侵检测系统 MULTI—AGENT 本体 协作算法合同网 熟人模型 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]