Distributed Intrusion Detection System

Intrusion Detection System(IDS) is a system that can provide active security protection. It detects both intrusion from external hackers and unauthorized access from internal users so it plays an important role in protecting security of computer system.This paper begins with the analysis and research of current intrusion detection technology and distributed data mining, then presents a Distributed Intrusion Detection System model which is cooperative architecture on the basis of agent. The architecture of system and the function and frame of main agents are given. The communication mechanism and cooperation mechanism are also designed in detail. The system combines host-based IDS with network-based IDS, implements cooperative detection function among IDSs in the same domain, and improves detection capability.This paper applies distributed data mining algorithm to IDS, takes some research on distributed pattern extraction which is based on distributed association rules algorithm. We must get frequent item sets from the collected large network packages through data mining and then set up a rule database. This paper focuses on the fast update for globally frequent item sets in distributed environment when the records in database increase. It shows that the algorithm improves the rate and efficient of data mining greatly.At last, the paper draws a conclusion for this system .What's more, the further research direction is given.