
Design and Implementation of a Multi-Agent-Based Distributed Intelligent Detection and Visualization System

Published: 2018-10-08 20:17
[Abstract]: The rapid development of network communication technology has brought a steady stream of new network devices, services and protocols, and with them, inevitably, a large number of network security problems. The openness of Internet services means that users are rarely constrained when using Web applications, so user behavior patterns are inherently complex and uncertain. Existing intrusion detection systems vary in performance when detecting on the basis of user behavior patterns, which leads to high false-positive rates, high false-negative rates and low efficiency, and real-time detection cannot be effectively guaranteed. The operating efficiency of the intrusion detection system has therefore become a bottleneck for deploying such systems. In addition, traditional centralized or hierarchical intrusion detection systems usually adopt an architecture in which leaf nodes collect data and central or intermediate nodes analyze it, which exposes the system to the risk of paralysis or even collapse when a key node fails. To address these problems, intelligent and distributed intrusion detection has become an effective solution. This thesis first classifies and compares intrusion detection systems, and on that basis proposes a model of a Multi-Agent-based distributed intelligent detection and visualization system. The model adopts a distributed architecture based on three tiers of agents: the management Agent, resident Agents and mobile Agents are independent of one another yet cooperate, performing real-time analysis and alerting on the network data and hardware information of the target system and forming a closed loop of network security monitoring: "information collection - threat analysis - real-time alerting - visual presentation". The main work of this thesis is as follows:

1. It surveys the state of research in intrusion detection and the application of agents in this field. By analyzing the advantages and disadvantages of the various kinds of intrusion detection systems, it proposes a Multi-Agent-based distributed intelligent detection and visualization system model that builds on traditional distributed intrusion detection technology.
2. It studies the implementation of the JADE multi-Agent platform and describes how to use JADE to create Agents, add external tasks and so on; it also studies the composition and rules of the Snort intrusion detection system.
3. It carries out the requirements analysis and high-level design of the Multi-Agent distributed intelligent detection and visualization system, and designs in detail the functional structure of the data collection module, the Agent module and the management console module. In the system architecture, every network node hosts a resident Agent responsible for data collection and preliminary analysis, mobile Agents are responsible for discovering threat evidence, and a single management Agent deployed in the LAN acts as the central node, responsible for distributing rules, fusing and analyzing evidence, and generating alerts. This keeps the strengths of a distributed intrusion detection system while improving on the high false-positive rate, heavy transmission load and poor robustness of traditional distributed intrusion detection systems.
4. It implements the data collection layer and the detection layer of the system in code, and tests the system's intrusion detection function and visualization.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.08

