Master by Research
School of Computer Science and Software Engineering, Faculty of Informatics
Ye, Dayong, An agent-based framework for distributed intrusion detections, M.Comp.Sc.Res. thesis, School of Computer Science and Software Engineering, University of Wollongong, 2009. http://ro.uow.edu.au/theses/797
Network applications have become part of our everyday life. With the increasing convenience and popularity of networks, more and more malicious users exploit them to pursue their vicious intentions. In order to protect the information security and privacy of network users, various intrusion detection systems were proposed and developed in the last decade. Intrusion detection, as an emerging technology, has made great achievements in theory and practice; its aim is to protect the confidentiality, integrity or availability of a system or resource. As a complex system, the development of an intrusion detection system involves many aspects, such as system architecture design, design and implementation of system components, system testing in real cases, and so on. Though many intrusion detection systems have been presented, most of them focus mainly on one or two of these aspects. This thesis aims at providing a rudimentary solution for an agent-based Peer-to-Peer distributed intrusion detection framework. The major contributions of this thesis include the following five aspects.
1. Introducing a novel Peer-to-Peer framework which involves different agents on different peers;
2. Designing the functionalities of each agent in the framework by using the JACK/UML approach;
3. Representing the knowledge of each agent about intrusion and detection by employing an ontology;
4. Developing an efficient task allocation protocol which is used to coordinate different hosts in the system to collaboratively detect distributed attacks;
5. Implementing and testing the framework in a reasonable manner by utilizing an agent development environment, i.e. JACK(TM).
In summary, this framework integrates agent technology, Peer-to-Peer architecture, an ontology technique and a task allocation protocol. Implementation and experiments show the potential applicability of this framework to real cases.
In addition, this framework could help in development of a good intrusion detection system in open and complex environments.