Abstract
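This paper first analyzes existing intrusion detection systems and their weaknesses and, on that basis, proposes a multi-agent architecture. It applies the concepts and methods of agents to construct the individual components of intrusion detection, uses multi-agent technology to achieve autonomous detection and the coordination of detection information among multiple hosts, and thereby achieves collaborative detection of distributed intrusions. It also identifies the key technologies and methods for implementing a prototype system. Finally, it gives a brief evaluation of the system.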
Distributed intrusion detection systems (DIDS) have many advantages in theory. However, there are some impediments when they are implemented. In this paper, we propose a novel architecture that applies multi-agent technology. The architecture applies the concept of agents to the building of system components. With multi-agent technology, we can effectively achieve autonomy of detection and coordinated processing of information from each monitored host, and then complete collaborative discovery of distributed intrusive actions. We point out some key technologies for the implementation of our demo system and give some evaluation from tests.
Source
《计算机工程与应用》
CSCD
PKU Core (Peking University Core Journals)
2004, Issue 29, pp. 139-141, 171 (4 pages in total)
Computer Engineering and Applications