Design Of Distributed Intrusion Detection System Based Requisition-Coordination

Posted on: 2005-12-30
Degree: Master
Type: Thesis
Country: China
Candidate: X D Xie
GTID: 2168360125464180
Subject: Computer software and theory

Abstract/Summary:
In this paper we start by introducing the predominant problem in computer network security and analyze the significance of intrusion detection technology in network security, then introduce some basic knowledge about intrusion detection technology. After that, we describe the features of existing Distributed Intrusion Detection Systems (DIDS) and discuss their limitations.

Based on an analysis of the existing DIDS models, we propose a DIDS framework model based on requisition-coordination. This model abandons the analysis hierarchy that exists in current DIDS models. In this model, the Intrusion Detection Agent (IDA) is the basic analysis unit, and can successfully perform global data analysis through intelligent coordination between Coordination Agents (CA).

Each IDA is an independently running entity that can detect not only specific attacks but also complicated attacks by exchanging suspicious messages and collecting data with the help of the Coordination Agent. This model is an open system with good scalability, which makes it easier to integrate intrusion detection technology with other security technologies such as virus detection, vulnerability scanning and firewall technology. Furthermore, multiple detection patterns can be adopted in an IDA according to its special detection function, and new detection patterns are easy to add to this model.

The Coordination Agent is the "nerve" of this model. We discuss the necessity of the Coordination Agent in detail, summarize its primary function, and design its functional module; moreover, we propose how to organize these Coordination Agents in a large network. The Intrusion Detection Agent is the "backbone" of this model. We describe the IDA's function and features in detail, design the IDA's functional module, and provide a general framework for the implementation of an IDA. In addition, we explore the design of IDAs that have special detection functions.
Keywords/Search Tags:Intrusion Detection, Distributed Model, Autonomous Agent, Coordination