With more and more sites intruded by hackers, security experts find it's not enough to build a security system in the defensive way. Intrusion Detection is a new security technology, apart from the traditional ones such as firewall, authentication and cryptography. With attackers use distributed approach, we also need distributed IDS. Being intelligent, distributed and large network-based are the important aspects that many IDSs put emphasis on.This paper describes a dynamically configurable Intrusion Detection System, which has good distributed and scalable ability. It will apply into the different domains and environments with different expanding. It is two levels organized without a central management. It consists of sub-IDSs and regional controllers. One regional controller manages a set of sub-IDSs, which are deployed throughout the monitored network infrastructure, responsible for the security analysis. The regional controllers are able to dynamically manage the configurations of sub-IDSs. At the end of the paper, it implements the porting onto MAC OS X. |