张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

段海新,吴建平

DOI: https://doi.org/10.13328/j.cnki.jos.2001.09.015

2001-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:An integrative taxonomy for intrusion detection technologies is proposed, which can specify accurately existing intrusion detection methods. Aiming at multiple-domain environments, a distributed cooperative intrusion detection system (DCIDS) is designed, which implements cooperative intrusion detection through efficient, secure information exchange among IDSes in different domain. The architecture of intrusion detection systems is described, as well as its four components: sensor, analyzer, manager and user-interface. Some key issues are also discussed, including secure communication and selection of detection places.

Hongmin Cai,Naiqi Wu

DOI: https://doi.org/10.1109/WCINS.2010.5541796

2010-01-01

Abstract:With the fast development of computer network, the problem of network security becomes more and more serious. The single firewall can not solve the problem entirely and an intrusion detection system is helpful. This paper presents the design and development of a distributed intrusion detection system to protect the network security. Experiments shows that it works well.

王文奇,郑秋生,吴婷,李伟华

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.14.070

2008-01-01

Abstract:At present intrusion detection system(IDS) in high-speed network is a main point in security domain.The main problem and various restricted factors IDS faced in high-speed network is analyzed,and involved researches such as zero-copy technique and fast pattern matching model is introduced too.Finally,the distributed intrusion detection system based data-distribution is figured out as a good measure,and some remaining problems and emerging trends in this area is presented.

DING Guo-liang,WANG Xi-wu,CHEN Kai-yan,WANG Jia-zhen

DOI: https://doi.org/10.3969/j.issn.1001-9383.2006.01.004

2006-01-01

Abstract:The problems of existing Intrusion detection system(IDS)is analyzed,a kind of distributed architecture of uniting the level and equal structures,is put forward,and the realizations of detection agent and communication protocol are given.The experiments proves this the system may carry out intrusion detection under distributed net- work environment.

Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

刘科,韩宗芬,卢毅军,金海

DOI: https://doi.org/10.3321/j.issn:1671-4512.2001.11.017

2001-01-01

Abstract:Aiming at the new architecture of distributed computing and cluster server, this paper proposes Distributed Micro-intrusion System. It distributes M-IDS(Micro-Intrusion detection system) to every nodes of the protected sub-network. M-IDS can not only detect direct intrusion independently, but can also detect collaborative intrusion cooperated with central Processing node. In order to have self-adaptability while at the same time having the advantages of Misuse Detection, a misuse detection technique based on neural network is introduced.

杨武,方滨兴,云晓春,张宏莉,胡铭曾

DOI: https://doi.org/10.3969/j.issn.1007-5321.2004.04.017

2004-01-01

Abstract:The performance bottleneck of the traditional network intrusion detection system (NIDS) is investigated in order to design and implement a high-performance distributed intrusion detection system (HDIDS) to detect network intruders by passively monitoring a network link. Experiments indicate that the data processing of our HDIDS is increased by about 3 times more than that of the traditional NIDS.

Chenlin Huang,Hui Zhao,Huaping Hu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.06.017

2001-01-01

Abstract:Intrusion Detection(ID)is an important aspect in network security technology. As to enterprises′ Intranet,the approaches of layered filtration,distributed processing,hierachical management,security communication and autonomous agent are adopted to our architecture to put forward a Hierachical Intrusion Detection System Based on Distributed Autonomous Agents,and the architecture and the detailed design of the IDS are presented. The IDS has the desirable characteristics of real-time detection,real-time response,in-time recovery,robustness and scalahility and so on.

YANG Jun-long,YU He-wei

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.21.017

2010-01-01

Abstract:We give a new framework which integrates multi-agent and distributed intrusion detection system(DIDS) to solve defects of normal DIDS. This paper gives detail description of the new framework. We found that the existed multi-agent intrusion detection system mostly use rule base to detect intrusion, lack intelligence detection. We combine immune mechanism and multi-agent intrusion detection system to give a new IDS which base on immune mechanism and multi-agent, the new system can improve accuracy and detection rate of attacks, at last we give the description of the system we designed.

Zhang Yunpeng,Hu Fei,Ma Chunyan,Lu Wei,Li Mei

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.045

2005-01-01

Abstract:This paper establishes and accomplishes the intrusion detection system,SC-IDS.It combines the knowledge-based IDS and anomaly-based IDS into a system,it accords with P2DR model and the distributed framework.It surmounts the shortcoming of traditional ways of detection,for example,high false positive and false negative rate;can't adapt large-scale network;can't cooperate with other security product etc.It gains a good effect after operation.

Chen Min

2002-01-01

Abstract:In recent years, intrusion detection systems, being the important part of the information security system, have gained extensive attentions. Many different intrusion detection technologies come into being. This paper presents an architecture of Intrusion Detection Systems (IDS) based on autonomous agents. The distributed architecture paves the way in that IDSes can avoid the single point failure of the distributed systems, balance the system load and improve the efficiency, to meet the requirements of modern computer and network technologies.

陈丽丽,李卫,管晓宏,祝春华

DOI: https://doi.org/10.3969/j.issn.1000-7180.2004.06.035

2004-01-01

Abstract:NIDS (Network Intrusion Detection System) as an important security protection tool has become a hotspot for research. We introduce the basic concept of IDS and its primary components and common classification first, then we present the framework of a net-based IDS and its implementation in detail. We put forward our views about the current research of IDS and its prospect last.

KANG Song-lin,FAN Xiao-ping,FEI Hong-xiao,HU Ci-yuan,SUN Yong-xin

DOI: https://doi.org/10.3969/j.issn.1672-7207.2007.06.028

2007-01-01

Abstract:Combined network management system with intrusion detection system(IDS),the architecture of distributed intrusion detection system based on management agent was established.Good properties such as autonomy,cooperativity,communication mechanism among management agent were studied.Function structure of management agent was established and scheduling agent algorithm was also designed based on genetic algorithm.Management objects related to intrusion detection in management information base(MIB) were analyzed to form rules from different network levels.A distributed intrusion detection system with hierarchical structure and self-security was designed to monitor the running context of the system,and the rules were mined in intrusion detection from MIB according to the essence of network attack.The result shows that this method is efficient enough to meet the need of active detect complex intrusion.

陈雪斌,刘峰,赵志宏,骆斌

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.14.048

2009-01-01

Abstract:To meet the security requirements of distributed intrusion detection system(DIDS),after analyzing the system infrastructure,authentication and safe communications of DIDS,a secure architecture for distributed intrusion detection system called SADIDS is presented.Mobile agent technology is adopted to implement the detection engine,public key infrastructure(PKI) and elliptic curve cryptosystem(ECC) are used to ensure its security.It keeps IDS safe with the advantages of easy implementation,flexibility and mobility.

Xiaoping Yang,Yu Dou

DOI: https://doi.org/10.1109/wcica.2004.1342340

2004-01-01

Abstract:To overcome some problems related to current Intrusion Detection System (IDS), such as high false negative and false positive rate, complex configuration, high cost and the inability to cooperate among components in the system, authors proposed a distributed IDS prototype. The system consists of control centers, proxies and sensors. In conjunction, authors also proposed a special communication protocol, CDIDSTP for the transparent communication between control centers and sensors via proxy. Combining carefully designed sensors and modulated IDS functions, an effective, highly auto-configurable IDS is implemented. In addition, the modulated IDS functions make the cooperation of same functional components within sensor possible.

史亮,李斌,庄镇泉

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.02.003

2005-01-01

Abstract:In this paper we present a multi-agent-based distributed intrusion detection system. This system distributes the intrusion detection work of the whole network into each host, overcomes the problem of single point invalidation and the bottleneck of treatment ability in centralized or hierarchical systems; gives the task of management and distributed intrusion detection for the whole network to the network security management agent NSMA and use the cooperation between NSMAs instead of the cooperation between the low-level detection points, improving the detection and management ability. We also introduce the function redundancy idea into the system design, and overcome the single point invalidation problem while improving the system's real-time intrusion detection ability. This paper presents the system design idea and realization plan in detail, and at the same time, it gives the resolution plan for the relevant problems.

陈浩

DOI: https://doi.org/10.3969/j.issn.1009-3044.2009.27.028

2009-01-01

Abstract:In order to make the campus network security management more convenient,easier to expand functionality. Intrusion detection technology in the study based on a campus network for the use of Distributed Intrusion Detection Framework. And the realization of this framework based on the campus network Distributed Intrusion Detection System.