基于协同的分布式入侵检测模型研究

有效的数据交互与共享是分布式入侵检测的前提。提出协同的概念，并从实现信息共享和协同角度，对分布式入侵检测系统存在的主要技术难点进行分析，由此在系统结构、策略管理、检测技术等层次上提出了一种新型的层次化组件协同模型(HGCM)。该模型针对分布式数据源进行分布式协同处理，从负载动态均衡、组件通信等方面在各个组件之间实现高效的信息共享和协同分析，避免了关键节点的处理瓶颈，提高了系统的容错性和协同能力，以实现真正意义上的分布式入侵检测。

Study of Distributed Intrusion Detection Based on Cooperation

It is an important premise that data are effectively exchanged and shared in the course of distributed intrusion detection. After proposing the concept of cooperation and analysing main technological difficulties of distributed intrusion detection system from angles of information share and cooperation,this paper presents a novel hierarchical groupware cooperation model(HGCM) based on system structure, strategy management and detection technology, which is applied to a distributed intrusion system.By actualizing information share and cooperation analysis between groupwares at several aspects of dynamic load proportion and communication cooperation, this mode disposes distributed data in distributed mode, avoids disposal bottle-neck of critical nodes, improves the ability of error-tolerance and cooperation without degradation of efficiency so as to achieve all-round performance of distributed intrusion detection system.