
Design and Implementation of a Multi-Agent-Based Distributed Intelligent Detection and Visualization System

Published: 2018-10-08 20:17
[Abstract]: The rapid development of network communication technology has brought a steady stream of new network devices, services and protocols, and with them, inevitably, a large number of network security problems. The openness of Internet services means that users are rarely constrained when using Web applications, so user behavior patterns are inherently complex and uncertain. Existing intrusion detection systems perform very differently when detecting on the basis of user behavior patterns, which leads to high false-positive rates, high false-negative rates and low efficiency, and real-time detection cannot be effectively guaranteed. The operating efficiency of the intrusion detection system has therefore become a bottleneck for its deployment. In addition, traditional centralized or hierarchical intrusion detection systems usually adopt an architecture in which leaf nodes collect data and a central or intermediate node analyzes it, so the system risks paralysis or even collapse if a key node fails. To address these problems, intelligent and distributed intrusion detection has become an effective solution. This thesis first classifies and compares intrusion detection systems and, on that basis, proposes a model of a Multi-Agent-based distributed intelligent detection and visualization system. The model uses a distributed architecture based on three levels of agents: the management Agent, resident Agents and mobile Agents are mutually independent yet cooperate with one another, analyzing the network data and hardware information of the target system in real time and raising alerts, which forms a closed loop of network security monitoring: "information collection - threat analysis - real-time alerting - visual display". The main work of this thesis is as follows:

1. It surveys the state of research in intrusion detection and the application of Agents in this field. By analyzing the advantages and disadvantages of the various kinds of intrusion detection systems, it proposes a model of a Multi-Agent-based distributed intelligent detection and visualization system that builds on traditional distributed intrusion detection technology.
2. It studies the implementation approach of the JADE multi-Agent platform, describing how to use JADE to create Agents, add external tasks and so on, and studies the composition and rules of the Snort intrusion detection system.
3. It carries out the requirements analysis and high-level design of the Multi-Agent distributed intelligent detection and visualization system, and designs in detail the functional structure of the data collection module, the Agent module and the management console module. In the system architecture, a resident Agent is deployed on every network node and is responsible for data collection and preliminary analysis; mobile Agents are responsible for discovering threat evidence; and a single management Agent is deployed in the LAN as the central node, responsible for distributing rules, fusing and analyzing evidence, and generating alerts. This retains the strengths of distributed intrusion detection while mitigating the high false-positive rate, heavy transmission load and poor robustness of traditional distributed intrusion detection systems.
4. It implements the data collection layer and the detection layer of the system in code, and tests the system's intrusion detection function and visualization.
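[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08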



