[转载]基于多Agent的分布式入侵检测系统设计与实现

文章作者：陈蔚-南京航空航天大学

摘要：此文先分析了现有的入侵检测系统及其弱点，在此基础上，提出了一个采用多Agent的体系结构。它应用Agent的概念和方法来构造入侵检测的各个部件，通过多Agent技术来实现检测自治化和多主机间检测信息的协调，并以此达成分布式入侵的协作检测。还指明了实现原型系统的关键技术和方法。最后对系统做出简要评价。
关键词：入侵检测系统（IDS）；代理；分布式；JADE
中图分类号：TP18
Abstract: Distributed intrusion detection systems (DIDS) have many advantages in theory. However, there are some impediments when they are implemented. In this paper, we propose a novel architecture applied with multi-agent technology for distributed IDS. The architecture employs the concept of agent to the building of system components. With multi-agent technology, we can effectively achieve autonomy of detections and coordinate processing of information from each monitored host, and then complete collaborative discovery of distributed intrusive actions. We point out some key technologies for the implement of our demo system and give some evaluation from tests.
Key Words: Intrusion Detection System (IDS); Agent; Distributed; JADE