Network intrusion prevention system based on multi-mobile agents and data mining technology

Abstract

The invention provides a network intrusion prevention system based on multi-mobile agents and a data mining technology, comprising a mobile agent function module, a data mining function module, an intelligent module, a detector, a linkage module and a guard audit trail agent module, wherein, the mobile agent function module is composed of a mobile agent database and a characteristic rule library which are connected with the detector respectively; the data mining function module comprises a data mining database and a self-adaptive model generator which are mutually connected, and the data mining database is connected with the characteristic rule library; the intelligent module comprises an expert system and a safety knowledge base which are mutually connected, the expert system is connected with the detector and the data mining database and the safety knowledge base is connected with the self-adaptive model generator; and the detector is connected with the linkage module, and the guard audit trail agent module is connected with the linkage module and the expert system. The network intrusion prevention system can extract and identify abnormal access information in real time and improve safety, reliability and defensive capability of a network.

Description

technical field [0001] The present invention relates to the technical field of computer network information security, and in particular to a network intrusion defense system based on multi-mobile agents and data mining technology, which is mainly applied to the key technologies of computer network security defense systems, and can effectively solve network security missed detection and The problem of false alarms can be solved, and the accuracy of network access detection, identification and decision-making and overall intelligent defense capabilities can be further improved. Background technique [0002] The Intrusion Detection System (IDS) used at home and abroad mainly analyzes, monitors, detects and identifies unauthorized or abnormal phenomena in the system through network data packets. The focus is on network monitoring and auditing and tracking. When abnormalities are found, only reporting cannot prevent them. They can only be protected by linkage with security device...

AI Technical Summary

Problems solved by technology

The focus is on network monitoring and auditing and tracking. When abnormalities are found, only reporting cannot prevent them, and can only be protected by linkage with security devices such as firewalls

At present, there are serious defects: one is the network defect, using a switch to replace the HUB that can share the monitoring will bring trouble to the IDS network monitoring, and carefully constructing and sending data packets under a complex network can also bypass the IDS monitoring

Second, there is a large amount of false positives and false negatives, and there are constant alarms

The traditional network-based intrusion prevention system (Network Intrusion Prevention System, NIPS) has a single security detection method, high false alarm rate, many false alarm rates, and false negatives, which seriously affect the key technologies and security of computer network security defense and detection. defensive performance

Images