摘要
入侵检测是一个比较新的、迅速发展的领域,已成为网络安全体系结构中的一个重要环节。本文通过对多代理技术和两种入侵检测方法的研究,提出了一种基于异常和误用检测协同的多代理分布式入侵检测系统模型,并且对该模型的结构和代理的处理流程进行了描述,该模型是一个开放的系统模型,具有很好的可扩展性,易于加入新的入侵检测代理,也易于增加新的入侵检测模式,代理之间的协同采用独立的通信服务代理来实现。
Intrusion detection safety system construction. By is a new, quickly developed realm and has become a key link in network dealing with the current intrusion detection system (IDS) with anomaly detection and misuse detection, a multi-agent distributed system model with anomaly detection and misuse detection is presented, and its architecture and intrusion agent processing flow chart are described as well. This model is extended, as an open system, to where the new IDAs and ID modes can be easily added. Communications of these agents are realized by transmit service agent.
出处
《信息工程大学学报》
2005年第4期1-4,共4页
Journal of Information Engineering University
基金
国家973基金资助项目(1999035801)
河南省自然科学基金资助项目(SP200304098)
关键词
入侵检测
异常检测
误用检测
代理/多代理
intrusion detection
anomaly detection
misuse detection
agent/multi-agent
