摘要
在分析现有基于agent的入侵检测系统(IDS)基础上,提出了一种基于证据推理的多agent分布式两级IDS模型。该模型采用分布检测、分布响应的模式,通过多agent技术的思想建立系统总体结构,给出了模型的各个组成部分,并对结构中各种agent与中心控制台的功能设计进行了分析。同时,为了提高中心控制台的融合性能,设计了一种可有效减少证据合成计算量又可确保合成准确性的证据推理算法,并对动态选举算法、协同算法进行了初步分析。系统可充分利用各种资源协同完成入侵检测任务,实时响应,有效地改进了传统IDS。
This paper proposed a distributed IDS (DIDS) model utilizing both multi-agent and evidence reasoning by analyzing the existed agent-based IDS, which adopted the method of distributed detection, distributed response and the ideology of multi-agent. And it described all the composed parts of DIDS model and analyzed the function design of all kinds of agent and the control centre. To improve the performance of the control centre, presented an algorithm for evidence reasoning to decrease the computation and increase the accuracy of combination. Furthermore, discussed the algorithms of dynamic election and cooperation preliminarily. The proposed DIDS may make full of all kinds of information to cooperatively complete the detection and make real-time response, which effectively improves the traditional IDS.
出处
《计算机应用研究》
CSCD
北大核心
2009年第8期3063-3066,共4页
Application Research of Computers
