The common problems of current intrusion detection systems (IDSs) were analyzed. Based on this analysis, a distributed IDS framework model based on independent agents was proposed. This paper described the functions of the entities, defined the communication and alert mechanisms, and designed some detection agents. The proposed model is an open system with good scalability. It contains no control analyzers, which avoids the problem of a single point of failure. Agents are independent, yet they can communicate and cooperate with one another to take actions. The experimental results show that it consumes few system resources and little network bandwidth. Although the prototype is implemented on the Linux platform, it is easy to migrate to other platforms because it is independent of the system environment.