基于多主体技术的分布式入侵检测系统的研究与设计

本文提出了一种基于多主体技术的分布式入侵检测系统。该系统将整个网络的入侵检测工作分配到各台主机上进行，克服亍中心化和层次化入侵检测系统所存在的单点失效和处理能力瓶颈问题；将面向整个网络的管理任务和分布式入侵检测任务交给网络安全管理主体NSMA来处理，用NSMA之间的协作代替各个底层检测节点间的协作，提高了系统的的检测和管理能力；在系统设计上引入了功能冗余的思想，在有效克服单点失效问题的同时提高了系统对入侵的实时枪测能力．太文详细论述了系统设计思想和实现方案．并给出了相关技术问题的解决方法。

Research and Design of Multi-Agent-Based Distributed Intrusion Detection Systems

In this paper we present a multi-agent-based distributed intrusion detection system. This system distributes the intrusion detection work of the whole network into each host, overcomes the problem of single point invalidation and the bottleneck of treatment ability in centralized or hierarchical systems; gives the task of management and distributed intrusion detection for the whole network to the network security management agent NSMA and use the cooperation between NSMAs instead of the cooperation between the low-level detection points, improving the detection and management ability. We also introduce the function redundancy idea into the system design, and overcome the single point invalidation problem while improving the system's real-time intrusion detection ability. This paper presents the system design idea and realization plan in detail, and at the same time, it gives the resolution plan for the relevant problems.