
Design of Distributed Intrusion Detection System Based on Agent Artificial Intelligence Technology
Citation: Li Gang, Sun Yaowen, Yu Dexin, Fu Hai, Zhao Shaolei. Design of Distributed Intrusion Detection System Based on Agent Artificial Intelligence Technology [J]. Computer Measurement & Control (计算机测量与控制), 2020, 28(7): 29-33.
Authors: Li Gang, Sun Yaowen, Yu Dexin, Fu Hai, Zhao Shaolei
Affiliation (all five authors): Teaching and Research Support Center, Submarine Academy, Qingdao, Shandong 266199
Abstract: Centralized data processing in current IDA systems is a defect that degrades intrusion detection accuracy. To address it, a distributed intrusion detection system based on Agent artificial intelligence technology is designed. Within the overall system structure, the control center, network hosts, partition control centers and Agent library are analyzed. Response strategies are chosen according to the response rules in the response library, and the communication module is used to determine promptly whether intrusion behavior is abnormal. An S5720S-28P-SI-AC 24-port full-Gigabit Layer 3 managed enterprise-class core switch is used for data exchange. An AD2032 alarm responder is selected to monitor external intrusion behavior. A V1.2 green computer information detector performs a comprehensive evaluation of system memory and drive disks. The implementation method, message format and protocol of subject communication are analyzed, and an Agent-based data movement process is designed. The intrusion detection flow is designed using Libpcap library functions. After the attack environment and parameters are set, system debugging results show that the system's highest detection accuracy reaches 99%, providing equipment support for ensuring safe network use.

Keywords: Agent artificial intelligence; distributed; intrusion detection
Received: 2020/3/26
Revised: 2020/4/17
This article is indexed in Wanfang Data and other databases.