张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

LIU Tong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.08.004

2005-01-01

Abstract:As the distributed intrusion becomes serious, the performance demand for distributed intrusion detection systems will be more and more important. In this paper, the concept of the Super-Peer intrusion detection model (SPIDM) is proposed. Furthermore, the technology of intelligent agent is implemented in this model. As a result, this efficient combination of distributed intrusion detection systems with the super-peer framework increases the system efficiency and collaboration, enhances the system openness, and thus improves the system performance as a whole.

TAN Min,HU Xiao-long,LIU Lian-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.07.055

2008-01-01

Abstract:In view of the weakness of current intrusion detection system and intrusion analysis method,a distributed fusing multi detection technology intrusion detection system model based on multi-Agent is brought forward.Apart from traditional analysis technology,file integrity analysis method based on mobile agent is added to the analysis Agent too.The model realizes the dist-ribution of intrusion detection,owns good scalability,improves the accuracy of intrusion detection,enhances the intrusion detection system's capability by using multi detection technology.So it can meet extensive security demand of the distributed network envi-ronment.

刘姝,姜浩,姜文峰

DOI: https://doi.org/10.3969/j.issn.1673-629X.2003.12.017

2003-01-01

Abstract:With the more and more widely and deeply using of computer,everything is influenced by the network not only the basic information sharing but also the communication with others. The security of the computer systemis outstanding and complicated. The traditional and single IDS can't effectively resolve the secure problem which come forth recently. In this paper discuss the advantage of multi-Agents and set up a multi-Agents based on intrusion detection model.The data in the test shows that the system can deal with the intrusion and the mistake.

李辉,蔡忠闽,韩崇昭,管晓宏

DOI: https://doi.org/10.3969/j.issn.1000-1220.2003.09.008

2003-01-01

Abstract:State of the art of the Intrusion Detection technology is investigated and a new IDS inference framework and prototype based on information fusion is proposed. The new framework is to solve the problems of existing IDS——high false positive rate and incapable of detection of coordinated attacks. The prototype employ Bayesian Network to do information fusion and goal-tree to analyze intensions of coordinated attacks and quantify the security risk of system. The prototype is more integral than existing IDS and easier to find coordinated attacks with lower false positive rate.

YU Zhong,YU Hui,LI Wei-hua

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.06.035

2007-01-01

Abstract:Through analyzing and studying the characteristics of large-scale network intrusion detection,a system structure which based on multi-agents alliance was proposed.In which,we use the plan knowledge chart to describe the intruder's attack attention,and through analyzing its strategy,proposed a method of work division and coordination amongst the multi-agents alliance.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

HUANG Liang,TANG Wen-zhong

2006-01-01

Journal of Computer Applications

Abstract:The shortages of current intrusion detection systems were analyzed, and the necessity of collaboration was discussed. A mutiagent collaborative intrusion detection framework was put forward. It adopted distributed detection and centralized analysis architecture, generic alert form and secure transfer protocol in this system, unified dispatch by coordinate engine to manage cooperative request, collect relative data and distribute alerts and new rules. This system can well implement information sharing among multiagents and achieve collaborative detection after test and application.

Ran Zhang,Depei Qian,Chongming Bao,Weiguo Wu,Xiaobing Guo

DOI: https://doi.org/10.1109/ICCNMC.2001.962638

2001-01-01

Abstract:Intrusion detection research has been conducted for nearly 20 years but still remains in its infancy. The existing intrusion detection system architectures have a number of problems that limit their configurability, scalability, and efficiency. This paper first discusses the threats to networked computer systems, and introduces the intrusion detection mechanisms and agent technologies. On the basis of the above discussion, a multi-agent based intrusion detection architecture for LAN is proposed. This architecture can be easily extended and maintained, supporting distributed and intelligent intrusion detection. In addition, it can enhance the whole system detection efficiency greatly

LIU-Yi,Xiao-guang GAO,Guang-shan LU,Hong-lin CHEN

DOI: https://doi.org/10.3969/j.issn.1002-0640.2007.09.004

2007-01-01

Abstract:An information fusion and decision-making system based on multi-agent architecture is proposed in this paper.The multi-agent technology is applied to airborne information system.The airborne multi-agent information architecture is described in detail as an example to show that this method is feasible and effective.

Hongbin Han

2006-01-01

Abstract:Facing the fast developing Internet,the ability of traditional intrusion detection system becomes weaker.This paper focuses on introducing computer immunity and multi-agent technology into the traditional intrusion detection system to design a computer's immunity-based multi-agent intrusion detection system.Compared with the traditional system,this system is flexible,distributed,intelligent and so on.It can finish the intrusion detection and defence completely.

SH Teng,W Zhang,NQ Wu,YM Zhao

2004-01-01

Abstract:This paper presents the three-layer intrusion detection framework. The filtering and preprocessing process of data is performed at layer 1; The detection based on features and rules is carried out at layer 2; And at layer 3, the fusing process of data which results from the layer 1 and the layer2 is implemented. This model is designed by distribution technique. The system is composed of many intrusion detection agents, which complete the detection task together. The model is self-adaptable, that is, it can improve itself to get better effect of detection during using it.

YANG Jun-long,YU He-wei

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.21.017

2010-01-01

Abstract:We give a new framework which integrates multi-agent and distributed intrusion detection system(DIDS) to solve defects of normal DIDS. This paper gives detail description of the new framework. We found that the existed multi-agent intrusion detection system mostly use rule base to detect intrusion, lack intelligence detection. We combine immune mechanism and multi-agent intrusion detection system to give a new IDS which base on immune mechanism and multi-agent, the new system can improve accuracy and detection rate of attacks, at last we give the description of the system we designed.

丁学英,唐文忠

DOI: https://doi.org/10.3969/j.issn.1006-2475.2004.11.012

2004-01-01

Abstract:The paper first introduces mobile agent technology,and brings forward a distributed intrusion detection framework based on mobile agent,at last explains the working principle of the framework linking a few instances.

WU Jun,WANG Chong-Jun,WANG Jun,CHEN Shi-Fu

DOI: https://doi.org/10.1109/WI-IATW.2006.61

2006-01-01

Abstract:At present, distributed intrusion detection systems are taking on more and more characteristic of distributing and intelligence. Multi-agent system (MAS), which shows its intelligence by the interaction of a group of intelligent agents, is a popular tool for building novel intrusion detection systems (IDSs). The BDI (belief-desire-intention) model is a well studied architecture of agency for intelligent agents situated in complex and dynamic environments. Traditional MAS-based distributed IDSs commonly do their detection work within a framework that employs the method of distributed data collection and hierarchical data analysis. This is a simple and strict method, but it restricts the characteristic of distributing, intelligence and real-time response badly. In this paper, we present a dynamically-created hierarchical framework, and then bring forward the basic algorithm system to support it. We introduce the opponent BDI model to our agents, and realize the detection based on multi-agent cooperation, which effectively improves the traditional distributed intrusion detection

Xiang Mu,Yang Xiaoping

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.19.044

2006-01-01

Abstract:Nowadays,there's rapid improvement in the transferring and processing speed of the infrastracture in Internet.And the Hacking technology tend to be more diversified and complicated.The speed of HT is becoming higher and higher,and the scale is getting to be larger and larger,so the existing IDS(Intrusion Detection System) is gradually turning to be not sufficient.Under this background,we bring forward a new IDS model on the basis of the research in MA(Mobile Agent technology) which is different from the existing frame model:MA-DIDS.

Jianping Zeng,Donghui Guo

DOI: https://doi.org/10.5220/0002516401760181

2005-01-01

Abstract:More and more application services are provided and distributed over the Internet for public access. However, the security of distributed application severs is becoming a serious problem due to many possible attacks, such as deny of service, illegal intrusion, etc. Because of weakness of the firewall systems in ensuring security, intrusion detection system (IDS) becomes popular. Now, many kinds of IDS systems are available for serving in the Internet distributed system, but these systems mainly concentrate on networkbased and host-based detection. It is inconvenience to integrate these systems to distributed application servers for application-based intrusion detection. An agent-based IDS that can be smoothly integrated into applications of enterprise information systems is proposed in this paper. We will introduce its system architecture, agent structure, integration mechanism, and etc. In such an IDS system, there are three kinds of agents, i.e. client agent, server agent and communication agent. This paper is also to explain how to integrate agents with access control model for getting better security performance. By introducing standard protocol such as KQML, IDMEF into the design of agent, our agent-based IDS shows much more flexible for built in different kinds of software application system.

CAO Zhigang,WANG Shenkang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.058

2005-01-01

Abstract:The framework model proposed in this paper is a distributed intrusion detecting system based on a tridimensional agent.The framework is an open system, which has good scalability. It adopts a central controlling module and a detecting module for side-by-side agent, which can dependently control and process. It also can track in and note the intrusing data, then test it. The state-checking mechanism and policy of authentication in this model ensure the security of the agents themselves and the communication among them.

DAI Hang,ZHANG Xin-Jia,ZOU Yi-Xin

2006-01-01

Microprocessors

Abstract:By analyzing the tradition intrusion detection system,we propose the mobile agent-based intrusion detection system by introducing mobile agent theory.The system construction and working flow are devised in the paper.The result tells us IDS based on mobile agent is effective.

Chenlin Huang,Hui Zhao,Huaping Hu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.06.017

2001-01-01

Abstract:Intrusion Detection(ID)is an important aspect in network security technology. As to enterprises′ Intranet,the approaches of layered filtration,distributed processing,hierachical management,security communication and autonomous agent are adopted to our architecture to put forward a Hierachical Intrusion Detection System Based on Distributed Autonomous Agents,and the architecture and the detailed design of the IDS are presented. The IDS has the desirable characteristics of real-time detection,real-time response,in-time recovery,robustness and scalahility and so on.