分布式协作模型及应用研究

With the development of the Web technology,the application environment has acquired many new characters such as dynamic, openness,distribution and information uncertainty.The processing mode of application systems is more complicated than ever.For example,it requires application systems to have more community processing ability,interactive ability,distributed processing ability and collaborative ability.Accordingly the research and development of the computer application system transited from client/server information processing system into distributed collaborative processing system based on Web.Especially in the environment where the information and resources are highly distributed,the accomplishment of complicated tasks is dependent more on the resources coordination,information sharing and coordinator collaboration.The collaboration is one aspect of the group behavior and its goal is to provide a optimal method to utilize the resource through the information interaction and to solve the task which couldn't be accomplished by each coordinator alone and get the more total benefits than the sum of each benefit.The collaboration problem is the important one for distributed tasks processing.This paper surveys,the research and application status of distributed collaborative models and several representative architectures of distributed collaborative processing are proposed.However,the existing problems and the future researching direction are presented.     

基于Minkowskey距离的模糊入侵检测方法研究

After analyzing the deficiency of traditional intrusion detection system, a new kind of intrusion detection method based on Minkowskey is put forward for reducing false positive rate. The essence of it is to set up a normal behavior fuzzy sub collection A on the basis of watching the normal system transfer of the privilege process, and set up a fuzzy sub collection B with real time transfer array, then detect with the principle of minimum distance in fuzzy discern method.     

A neuro-genetic based short-term forecasting framework for network intrusion prediction system

Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by ＂authorized＂ users of the system, cannot be immediately traced. Because the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. An intrusion detection system （IDS） is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current IDS depends on the system operators in working out the tuning solution and in integrating it into the detection model. Furthermore, an extensive effort is required to tackle the newly evolving attacks and a deep study is necessary to categorize it into the respective classes. To reduce this dependence, an automatically evolving anomaly IDS using neuro-genetic algorithm is presented. The proposed system automatically tunes the detection model on the fly according to the feedback provided by the system operator when false predictions are encountered. The system has been evaluated using the Knowledge Discovery in Databases Conference （KDD 2009） intrusion detection dataset. Genetic paradigm is employed to choose the predominant features, which reveal the occurrence of intrusions. The neuro-genetic IDS （NGIDS） involves calculation of weightage value for each of the categorical attributes so that data of uniform representation can be processed by the neuro-genetic algorithm. In this system unauthorized invasion of a user are identified and newer types of attacks are sensed and classified respectively by the neuro-genetic algorithm. The experimental results obtained in this work show that the system achieves improvement in terms of misclassification cost when compared with conventional IDS. The results of the experiments show that this system can be deployed based on a real network or database environment for effective prediction of both normal attacks and new attacks.     

A Theory for the Initial Allocating of Real Time Tasks in Distributed Systems

Referring to a set of real time tasks with arriving time,executing time and deadline,this paper discusses the problem of polynomial time initial-allocating approximation algorithms in a distributed system and five new results are gained which provide a theory for the designing of initial-allocating algorithms of real time tasks.     

Dynamical Immune Intrusion Detection System for IPv6

We have set up a project aiming at developing a dynamical immune intrusion detection system for IPv6 and protecting the next generation Internet from intrusion. We focus on investigating immunological principles in designing a dynamic multi-agent system for intrusion detection in IPv6 environment, instead of attempting to describe all that is intrusion in the network try and describe what is normal used and defined ＇non-selr as intrusion. The proposed abnormal detection model is designed as flexible, extendible and adaptable in order to meet the needs and preferences of network administrators for IPv6 environment.     

Research on the Architecture of Distributed Web Mining System

A new distributed web-mining system based on CORBA （DWMBC） is proposed. It is based on web and takes advantage of CORBA for distributed processing. Distributed data processing and web mining are effectively combined to meet the demand of multi-platform in the system, and the safety and sealability of the system are reinforced. In addition, the Java technology is applied to meet the real time requirement of the presentation of the mining results. At last, a system instance is developed to implement this distributed system model.     

一种基于贝叶斯判决的先进入侵检测模型

One key problem for intrusion detection system is the correctness and efficiency of detection algorithm.This paper presents a revised detection algorithm through the use of Bayes decision. Bayes decision is a random pat-tern classified recognition method of the pattern recognition theory. The algorithm in this paper is designed refer to the lest-risk Bayes decision. Experiments show that this algorithm has better performance. In the paper,we firstly in-troduce the Bayes algorithm and threshold selection algorithm. Then depending on the decision, the detection algo-rithm of intrusion detection system is designed. In the end,the experiment results are provided.     

PeerIDS - A Distributed Network Intrusion Detection System Based on the Peer-to-Peer Model

By employing the Peer-to-Peer （P2P） model, which is considered as a promising approach to solve many problems in distributed environment, we present a distributed network intrusion detection system named PeerIDS - an IDS solution which values the properties of feasibility, durability and scalability most. Viewing the problem from a different perspective as against its counterparts, PeerIDS can provide the networked computation environment with robust and scalable protection while still staying efficient with the bursting of both types and traffic of malicious attacks through automatically and evenly distributing the intrusion detection workload among all the cooperating PeerIDS instances. Compared with many other distributed intrusion detection approaches, no single point of failure can be found in a farm of synergized PeerIDS instances. Moreover, PeerIDS entails almost no additional administration work after the installation and first time setup.     

A Time Series Data Mining Based on ARMA and MLFNN Model for Intrusion Detection

This paper investigates the issue on how to effectively model time series with a new algorithm given by a Multilayer Feedforward Neural Network （MLFNN） and an Autoregressive Moving Average （ARMA）. The static nonlinear part is modeled by MLFNN, and the linear part is modeled by an ARMA model, The algorithm is developed for estimating the weights of the MLFNN and the parameters of ARMA model. To illustrate the feasibility and simplicity of the above procedures for time series data mining, the problem of measuring normality in H＇FI＇P traffic for the purpose of anomaly-based network intrusion detection is addressed. The detection results provided by the approach of this paper show important improvements, both in detection ratio and regarding false alarms, in comparison with those obtained using other current techniques, Simulation examples are included to illustrate the performance of the proposed method.     

Mobile agent-enabled framework for structuring and building distributed systems on the internet

Mobile agent has shown its promise as a powerful means to complement and enhance existing technology in various application areas. In particular, existing work has demonstrated that MA can simplify the development and improve the performance of certain classes of distributed applications, especially for those running on a wide-area, heterogeneous, and dynamic networking environment like the Internet. In our previous work, we extended the application of MA to the design of distributed control functions, which require the maintenance of logical relationship among and/or coordination of proc- essing entities in a distributed system. A novel framework is presented for structuring and building distributed systems, which use cooperating mobile agents as an aid to carry out coordination and cooperation tasks in distributed systems. The framework has been used for designing various distributed control functions such as load balancing and mutual ex- clusion in our previous work. In this paper, we use the framework to propose a novel ap- proach to detecting deadlocks in distributed system by using mobile agents, which dem- onstrates the advantage of being adaptive and flexible of mobile agents. We first describe the MAEDD (Mobile Agent Enabled Deadlock Detection) scheme, in which mobile agents are dispatched to collect and analyze deadlock information distributed across the network sites and, based on the analysis, to detect and resolve deadlocks. Then the design of an adaptive hybrid algorithm derived from the framework is presented. The algorithm can dynamically adapt itself to the changes in system state by using different deadlock detec- tion strategies. The performance of the proposed algorithm has been evaluated using simulations. The results show that the algorithm can outperform existing algorithms that use a fixed deadlock detection strategy.     

基于P2P和移动代理的入侵检测系统研究

介绍了现有入侵检测系统在计算机以及网络安全中的意义和现有入侵检测系统的局限性,简述了移动代理和P2P技术的优点,提出了一种采用移动代理技术和P2P结构的入侵检测系统,避免了当前分布式入侵检测系统存在的单点失效和传输瓶颈问题,提高了系统的自身安全性和各结点的协同检测能力。该系统能够根据环境的变化来进行调整,具有较强的可伸缩性。重点介绍了该系统的结构以及判断入侵的方法。     

高校办公网入侵检测系统研究

随着计算机和网络技术的发展,网络入侵事件的日益增加,人们发现只从防御的角度构造安全系统是不够的,入侵检测成为继“防火墙”、“数据加密”等传统安全保护措施后新一代的网络安全保障技术。本文首先介绍入侵检测原理和分布式入侵检测方面的相关工作,在分析已有分布式入侵检测系统模型的基础上,提出了一个基于代理的校园网入侵检测系统模型框架。该模型采用分布式的体系结构,由一个代理控制中心和若干代理组成,结合了基于网络和基于主机的入侵检测方法。使用代理技术在分布式环境下对入侵进行检测,可以有效地检测各种入侵,并具有很好的可扩充性。     

一种分布式入侵检测模型的设计

传统的基于异常的或基于误用的入侵检测总是在正常和非正常间作出一个绝对的选择，这种结果丢弃了大量有价值的信息，导致检测效果的不理想，尤其是在复杂的分布式网络环境中更加如此。针对此不足，文中提出基于模糊理论的模糊决策引擎(FDE)，它是分布式入侵检测系统中检测代理的一部分，能够在判定入侵行为时，基于模糊理论综合的考虑各种因素。带有FDE的分布式入侵检测系统的综合评估过程是一个层次结构，拥有分析来自于检测代理的各类信息的能力。这样的入侵检测系统拥有高精确的入侵检测、高效的决策过程以及系统资源消耗低的优点。     

基于可信对等的分布式入侵检测通信框架设计

为了提高分布式入侵检测的实时性和安全性,提出了一种可信对等的分布式入侵检测通信框架的模型.该模型借鉴了P2P和代理技术,不同网络节点中的入侵检测代理是对等的,它们之间通过共享检测信息进行整体协防.该模型还借鉴了安全通信技术,在网络中建立了一个认证服务器,不在同一网络节点的任何两个网络进程的通信必须通过该认证服务器,提高了入侵检测自身的安全性.设计实现了一个原型系统,原型系统的实验结果表明了该模型的正确性和可行性.     

基于多检测技术的入侵检测系统模型

针对当前入侵检测系统和入侵检测分析方法的弱点,提出了一个融合多检测技术的基于Multi-Agent的分布式入侵检测系统模型,采用了基于移动Agent的文件完整性检测技术.该模型实现了入侵检测的分布化,具有很好的扩充性,增强了入侵检测的准确率,提高了入侵检测系统的性能,能更好地满足大规模分布式网络环境的安全要求.     

一种抗攻击的入侵检测系统模型的研究

在分布式环境下,大多数的入侵检测系统缺少针对本身部件的安全措施。在本文中,我们提出了一种基于移动代理的分布式抗攻击的入侵检测系统的模型,并分析了其关键的技术。该模型对建立一个安全的入侵检测系统有一定的指导意义。     

一种基于Agent的自适应的分布式入侵检测系统

针对传统分布式入侵检测系统组件之间依赖程度大、系统不够健壮且入侵检测系统自身结构固定不能适应入侵的变化的问题,提出了一种基于Agent的自适应的分布式入侵检测系统（简称AAADIDS）．AAADIDS采用Agent概念重新构造系统的组件,改进了分布式入侵检测系统由于高层节点单一无冗余而产生的可靠性差的缺陷,从构造上克服了分布式入侵检测系统的脆弱性．同时,AAADIDS系统采用智能技术构建了自适应的入侵检测系统模型,增加了系统应对入侵行为变化的智能性．AAADIDS系统相对于传统的分布式入侵检测系统有效地提高了系统自身的可靠性和针对外界变化的适应能力．     

基于Super-Peer架构的分布式入侵检测模型研究

随着大规模分布式入侵行为的日益增多,对分布式入侵检测系统的性能要求也越来越高。本文提出了一种基于Super-Peer架构并采用智能Agent技术的分布式入侵检测系统模型,将Super-Peer模型与分布式入侵检测系统有效地结合,克服了纯P2P模型可管理性差的缺点,提高了入侵检测系统的效率和协作检测能力,增强了系统的开放性,减少了 层次化带来的瓶颈,从整体上提高了系统的性能。     

基于随机子空间法的多Agent分布式入侵检测

提出了一种基于随机子空间的多Agent分布式入侵检测方法。该方法把支持向量机作为检测Agent的核心检测算法，通过引入随机子空间生成具有知识互补特性的多个Agent，将其分布于网络的各个检测节点，用集成的思想把各Agent的结论进行合成。采用这种多Agent的分布式检测可以有效地提高系统的鲁棒性。实验表明这种方法的检测精度高于单个SVM和Bagging方法。     

基于移动agent的分布式入侵检测系统研究*

为了提高现有分布式入侵检测系统的效率和性能,提出了一种基于移动agent的分布式入侵检测系统模型。将移动agent技术应用于入侵检测中,并给出了其移动agent间的可靠通信方法,实现了agent的协同检测。实验结果表明,由于移动agent的应用,入侵检测系统的节点成为了可移动的部件,从而使该模型具有了更强的抗攻击性和入侵检测能力。