| This paper begins with the summny of current IDS research. with the analysis of theexisting Distributed-IDSmodels, we proposed a framework model of distributed-IDSbased on Agents. This model provides the IDS interface for Network and for hosts,which is foundation of the cooperation among different Agents. In distributedenvironment, according to the different system or network usage pattern andenvironment diversity, a various set of agents will be created which cooperate todetect the anomalous aspects. This model is an open system with good scalability Itis easy to add new cooperated hosts and agents and to expand new intrusion patterns.Agents work in a concurrent way without any central controlling module. Thecooperation among Agents is implemented just by the communicaton by which theagents can exchange suspicious messages and collect data. Agents are independentbut cooperate with others When they take their actions. The state-checking and policyof auhentication mechanism ensure the security of the agents themselves and thecommunication among them. This model is independent to some specific applicationenvironment, thus providing a general-purpose framework of an intrusion detectionsystem. The summary of our work was presented in this paper, which includes theaudit scheme and the creaion of the vulnerabi1ity database. We have done a lot ofresearch in this field since it is the foundation of the IDS and is great helpful to ourpractice.
|
PDF Full Text Request