Abstract
This paper presents an agent-based intrusion detection architecture. The architecture overcomes some deficiencies of current intrusion detection systems (IDS): it supports distributed detection of and response to intrusions, and it performs multi-level detection on a single host, a detection domain, and the whole network. By using mobile agents, the whole detection architecture can be configured flexibly and dynamically and extended conveniently. Because IDSs are increasingly becoming targets of attack, and building on existing research on protecting IDS, corresponding methods are given that enable the architecture to resist attacks effectively and give it a stronger ability to survive them.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
PKU Core (北大核心)
2003, Issue 13, pp. 71-72, 154 (3 pages)
Funding
Weapons and Equipment Pre-Research Fund project