张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Dong Yongle,Qian Jun,Shi Meilin

DOI: https://doi.org/10.1109/CCECE.2003.1226031

2003-01-01

Abstract:Widespread attacks involving multiple hosts/networks happen more frequently as internetworking among computer systems via the Internet becomes more widely and keeps rapid increase. Due to lack of information, it can be quite difficult for conventional intrusion detection systems to identify such attacks in progress. Cooperative intrusion detection, on the basis of information sharing, is proved as a necessary measure to detect widespread attacks by other researcher D. Frincke (2000), Polla, D. et al., (1998). This paper presents a cooperative approach for intrusion detection that provides a method for individual ID components working cooperatively to perform concerted detections. Being constructed on the basis of ID components, CoIDS can adopt both existed (usually more mature) and new ID techniques. This makes CoIDS extensible and scalable. In addition, an ID component is essentially an autonomous agent, which makes CoIDS available with certain loss of functionality even when the intrusion detection manager does not work. Its reliability is also improved because failure of one ID component will not cause any other to stop working. Furthermore, it improved the accuracy of detection for conventional intrusions by validating analysis result with data from different ID components.

蔡洪民,伍乃骐,陈素,陈沁群

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.06.053

2009-01-01

Abstract:With the great development of computer network,the network security problem becomes more serious,the single IDS can not meet the needs of network security,so the DIDS comes forth.A distributed intrusion detection system is brought forward,the inverted connection technology of the rebound Trojan horse is applied to the communication between agents and server,the agents adopt multi-thread technology to capture the packets,and it can detect the Trojan horse by the incorporation of the system process and the port communication.The server can deploy the uniform tactics to the agents and it can monitor the agents in real time,and so the DIDS en-hances the network security.

Xiaoping Yang,Yu Dou

DOI: https://doi.org/10.1109/wcica.2004.1342340

2004-01-01

Abstract:To overcome some problems related to current Intrusion Detection System (IDS), such as high false negative and false positive rate, complex configuration, high cost and the inability to cooperate among components in the system, authors proposed a distributed IDS prototype. The system consists of control centers, proxies and sensors. In conjunction, authors also proposed a special communication protocol, CDIDSTP for the transparent communication between control centers and sensors via proxy. Combining carefully designed sensors and modulated IDS functions, an effective, highly auto-configurable IDS is implemented. In addition, the modulated IDS functions make the cooperation of same functional components within sensor possible.

Chen Min

2002-01-01

Abstract:In recent years, intrusion detection systems, being the important part of the information security system, have gained extensive attentions. Many different intrusion detection technologies come into being. This paper presents an architecture of Intrusion Detection Systems (IDS) based on autonomous agents. The distributed architecture paves the way in that IDSes can avoid the single point failure of the distributed systems, balance the system load and improve the efficiency, to meet the requirements of modern computer and network technologies.

DING Guo-liang,WANG Xi-wu,CHEN Kai-yan,WANG Jia-zhen

DOI: https://doi.org/10.3969/j.issn.1001-9383.2006.01.004

2006-01-01

Abstract:The problems of existing Intrusion detection system(IDS)is analyzed,a kind of distributed architecture of uniting the level and equal structures,is put forward,and the realizations of detection agent and communication protocol are given.The experiments proves this the system may carry out intrusion detection under distributed net- work environment.

Chenlin Huang,Hui Zhao,Huaping Hu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.06.017

2001-01-01

Abstract:Intrusion Detection(ID)is an important aspect in network security technology. As to enterprises′ Intranet,the approaches of layered filtration,distributed processing,hierachical management,security communication and autonomous agent are adopted to our architecture to put forward a Hierachical Intrusion Detection System Based on Distributed Autonomous Agents,and the architecture and the detailed design of the IDS are presented. The IDS has the desirable characteristics of real-time detection,real-time response,in-time recovery,robustness and scalahility and so on.

徐漫江,曹元大

DOI: https://doi.org/10.3969/j.issn.1001-0645.2004.09.012

2004-01-01

Abstract:The structural design, cooperation and data fusion in a distributed intrusion detection system are investigated. A tree-structured distributed intrusion detection system and its components are illustrated detailed. The cooperation method in this system using blackboard, is explained. A CFAR (constant false alarm rate) method is used to fusion the distributed analysis result. A group of examples are used to show the validity of such a system.

Hongmin Cai,Naiqi Wu

DOI: https://doi.org/10.1109/WCINS.2010.5541796

2010-01-01

Abstract:With the fast development of computer network, the problem of network security becomes more and more serious. The single firewall can not solve the problem entirely and an intrusion detection system is helpful. This paper presents the design and development of a distributed intrusion detection system to protect the network security. Experiments shows that it works well.

刘科,韩宗芬,卢毅军,金海

DOI: https://doi.org/10.3321/j.issn:1671-4512.2001.11.017

2001-01-01

Abstract:Aiming at the new architecture of distributed computing and cluster server, this paper proposes Distributed Micro-intrusion System. It distributes M-IDS(Micro-Intrusion detection system) to every nodes of the protected sub-network. M-IDS can not only detect direct intrusion independently, but can also detect collaborative intrusion cooperated with central Processing node. In order to have self-adaptability while at the same time having the advantages of Misuse Detection, a misuse detection technique based on neural network is introduced.

KANG Song-lin,FAN Xiao-ping,FEI Hong-xiao,HU Ci-yuan,SUN Yong-xin

DOI: https://doi.org/10.3969/j.issn.1672-7207.2007.06.028

2007-01-01

Abstract:Combined network management system with intrusion detection system(IDS),the architecture of distributed intrusion detection system based on management agent was established.Good properties such as autonomy,cooperativity,communication mechanism among management agent were studied.Function structure of management agent was established and scheduling agent algorithm was also designed based on genetic algorithm.Management objects related to intrusion detection in management information base(MIB) were analyzed to form rules from different network levels.A distributed intrusion detection system with hierarchical structure and self-security was designed to monitor the running context of the system,and the rules were mined in intrusion detection from MIB according to the essence of network attack.The result shows that this method is efficient enough to meet the need of active detect complex intrusion.

史亮,李斌,庄镇泉

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.02.003

2005-01-01

Abstract:In this paper we present a multi-agent-based distributed intrusion detection system. This system distributes the intrusion detection work of the whole network into each host, overcomes the problem of single point invalidation and the bottleneck of treatment ability in centralized or hierarchical systems; gives the task of management and distributed intrusion detection for the whole network to the network security management agent NSMA and use the cooperation between NSMAs instead of the cooperation between the low-level detection points, improving the detection and management ability. We also introduce the function redundancy idea into the system design, and overcome the single point invalidation problem while improving the system's real-time intrusion detection ability. This paper presents the system design idea and realization plan in detail, and at the same time, it gives the resolution plan for the relevant problems.

陈浩

DOI: https://doi.org/10.3969/j.issn.1009-3044.2009.27.028

2009-01-01

Abstract:In order to make the campus network security management more convenient,easier to expand functionality. Intrusion detection technology in the study based on a campus network for the use of Distributed Intrusion Detection Framework. And the realization of this framework based on the campus network Distributed Intrusion Detection System.

Jaydip Sen

DOI: https://doi.org/10.48550/arXiv.1111.0382

2011-11-02

Cryptography and Security

Abstract:The current intrusion detection systems have a number of problems that limit their configurability, scalability and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data collected from distributed nodes which may lead to a single point of failure. In this paper, a distributed intrusion detection architecture is presented that is based on autonomous and cooperating agents without any centralized analysis components. The agents cooperate by using a hierarchical communication of interests and data, and the analysis of intrusion data is made by the agents at the lowest level of the hierarchy. This architecture provides significant advantages in scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. A proof-of-concept prototype is developed and experiments have been conducted on it. The results show the effectiveness of the system in detecting intrusive activities.

Peng Ning,Sushil Jajodia,X. Sean Wang

2013-01-01

Abstract:Intrusion Detection In Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of distributed environments. The second contribution is a formal framework for modeling requests among cooperative IDSs and its application to Common Intrusion Detection Framework (CIDF). The third contribution is a novel approach to coordinating different IDSs for distributed event correlation.

SHI Li-li,XUE Zhi,WANG Yi-jun

DOI: https://doi.org/10.3969/j.issn.1009-8054.2008.02.022

2008-01-01

Abstract:This paper presents the Distributed Firewall and Invading Detection Technique, analyzes their deficiencies, discusses and researches the combination technique, explains the design principle and implementation of the combination system based on the Distributed Firewall and Invading Detection Technique. Through the union system, the firewall may using the IDS discover promptly the attack behavior outside its strategy, the IDS also may block the attack behavior from exterior network through the firewall, thus can form one kind of safe protection system with effective interaction, en-hanced the network whole safety performance enormously.

YANG Jun-long,YU He-wei

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.21.017

2010-01-01

Abstract:We give a new framework which integrates multi-agent and distributed intrusion detection system(DIDS) to solve defects of normal DIDS. This paper gives detail description of the new framework. We found that the existed multi-agent intrusion detection system mostly use rule base to detect intrusion, lack intelligence detection. We combine immune mechanism and multi-agent intrusion detection system to give a new IDS which base on immune mechanism and multi-agent, the new system can improve accuracy and detection rate of attacks, at last we give the description of the system we designed.

王文奇,郑秋生,吴婷,李伟华

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.14.070

2008-01-01

Abstract:At present intrusion detection system(IDS) in high-speed network is a main point in security domain.The main problem and various restricted factors IDS faced in high-speed network is analyzed,and involved researches such as zero-copy technique and fast pattern matching model is introduced too.Finally,the distributed intrusion detection system based data-distribution is figured out as a good measure,and some remaining problems and emerging trends in this area is presented.