Conference Topic

A Network Intrusion Detection System with the Snooping Agents

To strengthen the protection offered by a network intrusion detection system (NIDS), it is important to gather host information about the intruder. In the proposed IDS, called NIDS-SA, three basic components are developed to support active monitoring: the Intrusion Detection Node (IDN), the Intrusion Detection Coordinator (IDC), and the Snooper Agent (SA). The IDN is used to capture packets, demultiplex packets, detect local intrusions, and infer intrusions. The IDC is installed on an administration workstation to communicate with and manage the IDNs; it can also perform intrusion detection and intrusion inference. The RA consists of several snoop functions for information gathering. After attack behavior is detected, the RA may launch several kinds of information-gathering functions against the attacker, which gives the proposed NIDS-SA its active snooping ability. Furthermore, NIDS-SA includes pattern matching and statistical inference functions. To secure communication between the IDC and the IDNs, cryptography-based mechanisms are applied in the design phase of the proposed NIDS-SA. An intrusion detection experiment was carried out on our campus to simulate real attack scenarios and validate the performance of NIDS-SA.

network intrusion detection system; pattern matching; statistical analysis; multi-agent system

Bin Zeng, Lu Yao, ZhiChen Chen

Department of Management, Naval University of Engineering, Wuhan, China

International conference

The 2010 International Conference on Computer Application and System Modeling (ICCASM 2010)

Taiyuan

English

232-236

2010-10-22 (date first posted online on the Wanfang platform; this does not represent the paper's publication date)