2nd International ICST Conference on Communications and Networking in China

Research Article

Agent-based Distributed Cooperative Intrusion Detection System

  • @INPROCEEDINGS{10.1109/CHINACOM.2007.4469318,
        author={LIN Zhao-wen and REN Xing-tian and MA Yan},
        title={Agent-based Distributed Cooperative Intrusion Detection System},
        proceedings={2nd International ICST Conference on Communications and Networking in China},
        publisher={IEEE},
        proceedings_a={CHINACOM},
        year={2008},
        month={3},
        keywords={Intrusion Detection; Distributed Attack; Agent; Cooperative Model},
        doi={10.1109/CHINACOM.2007.4469318}
    }
    
LIN Zhao-wen (1,*), REN Xing-tian (2,*), MA Yan (1,*)
  • 1: School of Computer Science and Technology, Beijing University of Posts and Telecommunications (BUPT), Beijing, China
  • 2: College of Computer Science and Technology, Beijing University of Technology, Beijing, China
*Contact email: linzw@buptnet.edu.cn, renxt@buptnet.edu.cn, mayan@bupt.edu.cn

Abstract

Most intrusion detection systems in use today are not truly distributed systems, and so they cannot detect distributed or cooperative attacks effectively. In this paper, an Agent-Based Distributed Cooperative Model (ADCM) is proposed, which implements cooperative intrusion detection through the efficient, normative exchange of event messages among Logic Detection Domains (LDD). Several specific detection agents are also presented; each operates independently, yet they can communicate and cooperate with one another to take action. ADCM improves fault tolerance and cooperation without degrading efficiency. A prototype distributed intrusion detection system based on ADCM and an extended Intrusion Detection Message Exchange Format has been completed, and it proves as powerful as expected in detecting intrusions.