本文通過借鑒智能代理(agent)技術(shù)，并結(jié)合XML 和安全通信技術(shù)，提出了一種具有兩層代理結(jié)構(gòu)的分布式入侵檢測系統(tǒng)模型，并設(shè)計(jì)實(shí)現(xiàn)了原型系統(tǒng)。該模型有多個(gè)域組成，域內(nèi)采用分層結(jié)構(gòu)，域間采用P2P(peer to peer)結(jié)構(gòu)。域內(nèi)的檢測agent 分布在受保護(hù)各個(gè)主機(jī)上執(zhí)行檢測任務(wù)，檢測結(jié)果向本域內(nèi)的數(shù)據(jù)中心匯報(bào)。協(xié)作agent 綜合本域內(nèi)數(shù)據(jù)中心的報(bào)警信息進(jìn)行分析，產(chǎn)生本地報(bào)警，并通過XML向其他域中協(xié)作agent 告警。作為冗余成分的協(xié)作agent 的存在避免了系統(tǒng)結(jié)構(gòu)上的單點(diǎn)失效。數(shù)字簽名和加密技術(shù)確保了agent 通信的安全。分布性、健壯性、智能性和協(xié)作性是該系統(tǒng)模型主要特點(diǎn)。
關(guān)鍵詞：協(xié)作；Agent；IDS；XML；入侵檢測系統(tǒng)
[Abstract]: Using agent’s technology for reference, combining XML & security communication technology, we present a distributed intrusion detection system model of two-layer agent structure; we design and implement a prototype system. The model consists of several domains. In each domain, structure is layered, while between each two domains, structure is peer to peer. Every detect-agent of each domain monitors the host-protected in the network and the result of monitor is reported to data center in the same domain. Cooperative agent synthesizes the result of every detect-agent in the same domain, analyze it and give an alarm to local domain and to the cooperative agent of other domain with XML. Cooperative agent of Redundancy avoids malfunction of single cooperative agent in the model. The digital signature and encrpytion techniques ensure security of correspondence between agents. This system model possesses characteristics such as distribution, robustness,intelligence and cooperation nature etc.
[key words]: cooperation; Agent; IDS;XML