Computer Engineering ›› 2008, Vol. 34 ›› Issue (5): 150-152. doi: 10.3969/j.issn.1000-3428.2008.05.052

• Security Technology •

Agent-based Distributed Cooperative Intrusion Detection System

LIN Zhao-wen, ZHAO Yi-de, MA Yan   

  1. (School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-03-05 Published:2008-03-05

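Abstract: This paper analyzes current intrusion detection systems and their problems, proposes an Agent-based Distributed Cooperative Model (ADCM), and presents its prototype system. The model detects new types of distributed attacks through cooperative communication among Logic Detection Domains (LDDs). Experiments show that ADCM can effectively detect distributed cooperative attacks that have a degree of stealth.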

Abstract: Most current intrusion detection systems are not truly distributed and therefore cannot effectively detect distributed or cooperative attacks. This paper proposes an Agent-based Distributed Cooperative Model (ADCM), which implements cooperative intrusion detection through the efficient, normative exchange of event messages among Logic Detection Domains (LDDs). It describes the functions of the entities, defines the communication mechanisms, and designs detection Agents that operate independently yet can communicate and cooperate with one another to take action. Results show that ADCM improves the ability to detect stealthy, distributed cooperative attacks.

Key words: intrusion detection, distributed attack, Agent, cooperative model
