| With the development of the computer network and attack technique, the traditional technique of intrusion detection has not been sufficient for the requirement of security because of the more and more large-scaled and organizational distributed intrusion. A cooperation intrusion detection model based on the attack strategy analysis is presented, the model is aimed at to deal with the problem that at present time the IDS system lacks for security of itself, the ability of detection for new attacks, intelligent response and severe false positives and false negatives. The model uses the Learning attack strategies from intrusion alerts attack strategy technology, mobile agent technique as well as the modern cooperation intrusion detection theory. In the model each agent can detect intrusion by oneself and co-operate detecting intrusion. It can co-operate with the flaw scanner, firewall and so on. There is a central agent and many local agents in the model, the central agent is the key agent because it can integrate the correlated alerts sent by the local agents, analyze the integrated information and order the local agents to do something according to the requirements. The Cooperation IDS model presented in this paper can decrease the false positives and positive negatives through co-sniffing data, data correlation and strategy analysis, and the problem how to communicate between the agents is solved in the model as the mobile agent is adopted. What's more, this paper shows a scheme on data sniffing, data analysis, and response for the further study. |
PDF Full Text Request