分层协作的多代理入侵检测系统

辽宁石油化工大学学报 ›› 2005, Vol. 25 ›› Issue (3): 71-75.

分层协作的多代理入侵检测系统

吕爱丽, 魏海平^＊, 王福威, 叶小涛

辽宁石油化工大学信息工程学院, 辽宁抚顺113001

收稿日期:2005-03-22 出版日期:2005-03-25 发布日期:2005-03-25
作者简介:吕爱丽(1980 -), 女, 山东寿光市, 在读硕士。

Layered Cooperating Intrusion Detection System Based on Multi -Agent

School of I nformation Engineering , Liaoning University of Petroleum & Chemical Technology ,
Fushun Liaoning 113001, P .R .China

Received:2005-03-22 Published:2005-03-25 Online:2005-03-25

摘要/Abstract

摘要： 　根据分布式入侵检测系统的设计策略, 设计了一个分层协作的多代理入侵检测系统。引入分层协作机制的目的是为了克服单一的主机入侵检测系统以及网络入侵检测系统的某些缺陷。通过各个节点之间的协同工作, 共同检测和防范对系统的入侵行为。系统框架参考目前流行的通用入侵检测框架CIDF 构建。检测方法采用协议分析融合模式匹配的方式。介绍了系统的体系结构, 各部分的功能以及系统实现的一些关键技术。

关键词: 　入侵检测系统, 　分层协作, 　分布式

Abstract:

According to the design tactics of distributed intrusion detection system , a Layered Cooperation Intrusion Detection System (IDS)based on the multi-agent technology was designed .The main aim in layered cooperating IDS focused on overcoming some design shortcomings of the currently available host based IDS and network based IDS .All the detection nodes cooperated with each other to detect and prevent intrusions.The system referred the popular Common Intrusion Detection Framework (CIDF).And the combination of network protocol analysis with pattern match technology was adopted in designing the detection methods. Furthermore , the system' s architecture , each component' s function, and some key techniques of this system were introduced.

Key words: Intrusion detection system , 　Layered cooperation , 　Distributing

吕爱丽, 魏海平, 王福威, 叶小涛. 分层协作的多代理入侵检测系统[J]. 辽宁石油化工大学学报, 2005, 25(3): 71-75.

LvAi -li,WEI Hai -ping,et al. Layered Cooperating Intrusion Detection System Based on Multi -Agent[J]. Journal of Liaoning Petrochemical University, 2005, 25(3): 71-75.

[1]	阚哲，杨凡，韩景宇，孙震，吴东旭. 基于MEEMD的配电网故障选线方法研究[J]. 辽宁石油化工大学学报, 2021, 41(2): 79-84.
[2]	陈论,魏海平,王福威. 一种面向入侵检测的模式匹配算法[J]. 辽宁石油化工大学学报, 2009, 29(1): 69-72.